WordPress 4.9.5 Security and Maintenance Release

WordPress versions 4.9.4 and earlier are affected by three security issues. As part of the core team’s ongoing commitment to security hardening, the following fixes have been implemented in 4.9.5:

  1. Don’t treat localhost as same host by default.
  2. Use safe redirects when redirecting the login page if SSL is forced.
  3. Make sure the version string is correctly escaped for use in generator tags

All hosted customers have been updated to WordPress 4.9.5 automatically.  You can read more about this release here.