Title: Version 3.8.17
Published: May 17, 2019

---

# Version 3.8.17

## In this article

 * [Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-3-8-17/?output_format=md#installation-update-information)
 * [Summary](https://wordpress.org/documentation/wordpress-version/version-3-8-17/?output_format=md#summary)
 * [List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-3-8-17/?output_format=md#list-of-files-revised)

[ Back to top](https://wordpress.org/documentation/wordpress-version/version-3-8-17/?output_format=md#wp--skip-link--target)

On 11 Jan, 2017, WordPress 3.8.17 was released to the public.

## 󠀁[Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-3-8-17/?output_format=md#installation-update-information)󠁿

To download WordPress 3.8.17, update automatically from the Dashboard > Updates 
menu in your site’s admin area or visit [https://wordpress.org/download/release-archive/](https://wordpress.org/download/release-archive/).

For step-by-step instructions on installing and updating WordPress:

 * [Updating WordPress](https://wordpress.org/documentation/article/updating-wordpress/)

If you are new to WordPress, we recommend that you begin with the following:

 * [New To WordPress – Where to Start](https://wordpress.org/documentation/article/new_to_wordpress_-_where_to_start/)
 * [First Steps With WordPress](https://wordpress.org/documentation/article/first-steps-with-wordpress/)
   or [Upgrading WordPress Extended](https://wordpress.org/documentation/article/upgrading-wordpress-extended-instructions/)
 * [WordPress Lessons](https://wordpress.org/documentation/article/wordpress-lessons/)

## 󠀁[Summary](https://wordpress.org/documentation/wordpress-version/version-3-8-17/?output_format=md#summary)󠁿

From the [WordPress 4.7.1 release post](https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/):
WordPress versions 4.7 and earlier are affected by seven security issues:

 1. Remote code execution (RCE) in PHPMailer – _No specific issue appears to affect
    WordPress_ or any of the major plugins we investigated but, out of an abundance
    of caution, we updated PHPMailer in this release. This issue was reported to PHPMailer
    by [Dawid Golunski](https://legalhackers.com/) and [Paul Buonopane](https://twitter.com/Zenexer).
 2. Cross-site scripting (XSS) via the plugin name or version header on `update-core.
    php`. Reported by [Dominik Schilling](https://dominikschilling.de/) of the WordPress
    Security Team.
 3. Cross-site request forgery (CSRF) bypass via uploading a Flash file. Reported by
    [Abdullah Hussam](https://twitter.com/Abdulahhusam).
 4. Cross-site scripting (XSS) via theme name fallback. Reported by [Mehmet Ince](https://pentest.blog/).
 5. Post via email checks `mail.example.com` if default settings aren’t changed. Reported
    by John Blackbourn of the WordPress Security Team.
 6. A cross-site request forgery (CSRF) was discovered in the accessibility mode of
    widget editing. Reported by [Ronnie Skansing](https://dk.linkedin.com/in/ronni-skansing-36143b65).
 7. Weak cryptographic security for multisite activation key. Reported by [Jack](https://itsjack.cc/).

## 󠀁[List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-3-8-17/?output_format=md#list-of-files-revised)󠁿

    ```wp-block-preformatted
    wp-includes/class-wp-theme.php
    wp-includes/class-phpmailer.php
    wp-includes/ms-functions.php
    wp-includes/version.php
    wp-includes/class-smtp.php
    wp-includes/functions.php
    wp-mail.php
    license.txt
    readme.html
    wp-admin/widgets.php
    wp-admin/update-core.php
    wp-admin/about.php
    wp-admin/includes/media.php
    wp-admin/includes/screen.php
    ```

First published

May 17, 2019

Last updated