Identifying Code Changes Related to Security
Hello, great plugin! We are wondering if there’s a way to identify which programs in the code base were changed for the following security-related changes.
5.9.7 Added various precautionary data sanitization for security enhancement. Replaced all uses of wp_redirect with wp_safe_redirect as a security precaution (this one is self-explanatory).
5.9.7.2 Fixed CSV injection vulnerability which can allow malicious text to be exported to CSV files and parsed by a spreadsheet.
5.9.8 Fixed XSS vulnerability. Fixed potential SQL injection vulnerability.
5.9.9 Fixed potential minor vulnerability in OAuth base class where state could be omitted when verifying/authorizing account.
We realize the best approach is updating to the latest version, but in some cases, that isn’t yet an option. There are a lot of changes in these releases and we’re finding it difficult to identify just the ones related to security fixes shown above. The development log is helpful, but we don’t see a non-manual way of weeding out changes unrelated to security improvements or vulnerabilities.
Thanks.
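One semi-automatic way to narrow a release diff down to the kinds of fixes listed in the changelog above is to split the unified diff between two plugin versions into hunks and keep only the hunks whose added or removed lines touch the constructs those fixes involve (wp_redirect/wp_safe_redirect, sanitize_*/esc_* calls, $wpdb->prepare, CSV leading-character handling, OAuth state). The script below is an added example written for this post, not code from the plugin or its authors; the keyword patterns are assumptions chosen from the changelog wording and will need tuning for a given code base, and the sample diff is constructed to show the filter in action. It is a triage aid for deciding which hunks to read by hand, not a substitute for applying the vendor's release.

```python
import re
from typing import Dict, List

# Heuristic patterns keyed by the kind of fix named in the quoted changelog.
# They are matched against the changed (+/-) lines of each hunk. These are
# assumptions for triage, not rules published by the plugin.
SECURITY_PATTERNS: Dict[str, List[str]] = {
    "redirect": [r"\bwp_safe_redirect\s*\(", r"\bwp_redirect\s*\("],
    "sanitization/xss": [
        r"\bsanitize_\w+\s*\(",
        r"\besc_(?:html|attr|url|js|textarea)\s*\(",
        r"\bwp_kses",
    ],
    "sql": [r"\$wpdb->prepare\s*\(", r"\besc_sql\s*\("],
    # CSV injection fixes usually add a check for cells starting with = + - @
    "csv": [r"(?i)csv", r"['\"][=+\-@]['\"]"],
    "oauth-state": [r"(?i)\bstate\b"],
}

HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+\d+(?:,\d+)? @@")


def split_hunks(diff_text: str) -> List[Dict[str, object]]:
    """Split a unified diff into hunks: {'file', 'header', 'lines'}."""
    hunks: List[Dict[str, object]] = []
    lines = diff_text.splitlines()
    current_file = None
    current = None
    i = 0
    while i < len(lines):
        line = lines[i]
        # A '--- a/x' line directly followed by '+++ b/x' is a file header.
        if line.startswith("--- ") and i + 1 < len(lines) and lines[i + 1].startswith("+++ "):
            path = lines[i + 1][4:].strip()
            current_file = path[2:] if path.startswith("b/") else path
            current = None
            i += 2
            continue
        if line.startswith("diff ") or line.startswith("index "):
            current = None
        elif HUNK_RE.match(line):
            current = {"file": current_file, "header": line, "lines": []}
            hunks.append(current)
        elif current is not None:
            current["lines"].append(line)
        i += 1
    return hunks


def classify_hunk(hunk: Dict[str, object]) -> List[str]:
    """Return the pattern categories that match the hunk's changed lines."""
    changed = [l[1:] for l in hunk["lines"] if l[:1] in ("+", "-")]
    text = "\n".join(changed)
    return [cat for cat, pats in SECURITY_PATTERNS.items()
            if any(re.search(p, text) for p in pats)]


def triage(diff_text: str) -> List[Dict[str, object]]:
    """Keep only hunks that match at least one security heuristic."""
    results = []
    for hunk in split_hunks(diff_text):
        cats = classify_hunk(hunk)
        if cats:
            results.append({"file": hunk["file"], "header": hunk["header"], "categories": cats})
    return results


# Constructed sample diff: a redirect fix, a CSV-cell fix, and a cosmetic
# readme change that the filter should drop. Paths are hypothetical.
SAMPLE_DIFF = """\
diff --git a/includes/redirect.php b/includes/redirect.php
--- a/includes/redirect.php
+++ b/includes/redirect.php
@@ -10,3 +10,3 @@ function after_login( $url ) {
-    wp_redirect( $url );
+    wp_safe_redirect( $url );
     exit;
 }
diff --git a/includes/export.php b/includes/export.php
--- a/includes/export.php
+++ b/includes/export.php
@@ -20,2 +20,5 @@ function csv_cell( $value ) {
+    if ( in_array( substr( $value, 0, 1 ), array( '=', '+', '-', '@' ), true ) ) {
+        $value = "'" . $value;
+    }
     return $value;
 }
diff --git a/readme.txt b/readme.txt
--- a/readme.txt
+++ b/readme.txt
@@ -1,2 +1,2 @@
-Stable tag: 5.9.6
+Stable tag: 5.9.7
"""

if __name__ == "__main__":
    # Real usage: pipe `diff -ru old/ new/` or `svn diff` output in via stdin.
    for r in triage(SAMPLE_DIFF):
        print(f"{r['file']} {r['header']} -> {', '.join(r['categories'])}")
```

Run it against the diff between the installed tag and the fixed one (for plugins hosted on WordPress.org, `svn diff` between the two tags in the plugin repository produces the unified diff this expects). Hunks that match are the ones worth reading closely; hunks that do not match are not proven harmless, only deprioritised, so a changelog entry with no matching hunk means the patterns need extending for that code base.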