WordPress 4.9.2 has been released and patches a cross-site scripting vulnerability in the Flash fallback files in the MediaElement library. According to Ian Dunn, the Flash files are rarely needed and have been removed from WordPress.
If you need access to the Flash fallback files, they can be obtained using the MediaElement Flash Fallback plugin. Enguerran Gillier and Widiz are credited with responsibly disclosing the vulnerability.
In addition to the patch, this releases fixes 21 bugs. JavaScript errors that prevented saving posts in Firefox has been fixed and switching themes will attempt to restore previous widget assignments, even if no sidebars exist.
You can view detailed information about the changes in 4.9.2 by reading the following Codex article.
