122fc90edc
Upstream does not offer localized tarballs for 6.9.4, so download the 6.9.1 tarballs and apply files/patch-6.9.1-to-6.9.4 instead. Security fixes in 6.9.2: - Blind SSRF - PoP-chain weakness in HTML API and Block Registry - Regex DoS in Numeric Character References - Stored XSS in Nav Menus - AJAX query-attachments Authorization Bypass - Stored XSS via data-wp-bind directive - XSS allowing override of client-side templates in admin area - PclZip Path Traversal - Authorization Bypass on Notes feature - XXE in external getID3 library Bug fix in 6.9.3: - Restore compatibility for themes using stringable objects with the template_include filter (regression introduced in 6.9.2) Security fixes in 6.9.4 (incomplete fixes from 6.9.2 re-addressed): - PclZip Path Traversal - Authorization Bypass on Notes feature - XXE in external getID3 library