WordPress 5.5 Beta 4 is now available!
This software is still in development, so it’s not recommended to run this version on a production site. Consider setting up a test site to play with the new version.
You can test WordPress 5.5 Beta 4 in two ways:
WordPress 5.5 is slated for release on August 11th, 2020, and we need your help to get there!
Thank you to all of the contributors who tested the beta 3 development release and gave feedback. Testing for bugs is a critical part of polishing every release and a great way to contribute to WordPress.
Some highlights
Since beta 3, 43 bugs have been fixed. Here are a few changes in beta 4:
- Add `"loading"` as an allowed kses image attribute (see #50731).
- Add filter for the plugin/theme auto-update message in the Info tab of Site health (see #50663).
- `$_SERVER['SERVER_NAME']` is not reliable when generating email host names (see #25239).
- Several backported fixes from Gutenberg are included in WordPress 5.5 Beta 4 (see PR #24218).
Developer notes
WordPress 5.5 has lots of refinements to polish the developer experience. To keep up, subscribe to the Make WordPress Core blog and pay special attention to the developers’ notes for updates on those and other changes that could affect your products.
How to Help
Do you speak a language other than English? Help translate WordPress into more than 100 languages!
If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you!
If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.
WordPress 5.5 Beta 3 is now available!
This software is still in development, so it’s not recommended to run this version on a production site. Consider setting up a test site to play with the new version.
You can test WordPress 5.5 Beta 3 in two ways:
WordPress 5.5 is slated for release on August 11th, 2020, and we need your help to get there!
Thank you to all of the contributors who tested the beta 2 development release and gave feedback. Testing for bugs is a critical part of polishing every release and a great way to contribute to WordPress.
Some highlights
Since beta 2, 43 bugs have been fixed. Here are a few changes in beta 3:
- Plugin and theme versions are now shared in the emails when automatically updated (see #50350).
- REST API routes without a `permission_callback` now trigger a `_doing_it_wrong()` warning (see #50075).
- Over 23 Gutenberg changes and updates (see #24068 and #50712).
- A bug with the new import and export database Dashicons has been fixed (see #49913).
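The `permission_callback` change listed above, shown as a registration that would trigger the warning next to corrected ones. This is an added example, not code from the announcement or from WordPress core; the `example/v1` namespace, the route paths and the `example_*` function names are hypothetical.

```php
<?php
/**
 * Plugin Name: Example REST permission callbacks (illustrative only)
 *
 * Namespace, routes and function names below are hypothetical.
 */

/**
 * BEFORE (not hooked anywhere): no 'permission_callback'.
 * Such a route is reachable without any authorization check, and
 * WordPress 5.5 flags the registration through _doing_it_wrong().
 */
function example_register_routes_before() {
	register_rest_route( 'example/v1', '/settings', array(
		'methods'  => WP_REST_Server::READABLE,
		'callback' => 'example_get_settings',
	) );
}

/**
 * AFTER: every route states its access policy explicitly.
 */
function example_register_routes() {
	// Privileged data: require a capability.
	register_rest_route( 'example/v1', '/settings', array(
		'methods'             => WP_REST_Server::READABLE,
		'callback'            => 'example_get_settings',
		'permission_callback' => 'example_can_manage',
	) );

	// Intentionally public data: say so with __return_true, so the
	// open access is a visible decision rather than an omission.
	register_rest_route( 'example/v1', '/status', array(
		'methods'             => WP_REST_Server::READABLE,
		'callback'            => 'example_get_status',
		'permission_callback' => '__return_true',
	) );
}
add_action( 'rest_api_init', 'example_register_routes' );

/**
 * Permission check: true for administrators, otherwise a WP_Error
 * carrying 401 (not logged in) or 403 (logged in, not allowed).
 */
function example_can_manage( WP_REST_Request $request ) {
	if ( current_user_can( 'manage_options' ) ) {
		return true;
	}

	return new WP_Error(
		'rest_forbidden',
		'You are not allowed to read these settings.',
		array( 'status' => rest_authorization_required_code() )
	);
}

/** Route callback for the restricted endpoint. */
function example_get_settings( WP_REST_Request $request ) {
	return rest_ensure_response( array(
		'admin_email' => get_option( 'admin_email' ),
	) );
}

/** Route callback for the public endpoint: nothing sensitive. */
function example_get_status( WP_REST_Request $request ) {
	return rest_ensure_response( array(
		'name' => get_option( 'blogname' ),
	) );
}
```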
Developer notes
WordPress 5.5 has lots of refinements to polish the developer experience. To keep up, subscribe to the Make WordPress Core blog and pay special attention to the developers’ notes for updates on those and other changes that could affect your products.
How to Help
Do you speak a language other than English? Help translate WordPress into more than 100 languages!
If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you!
If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.
WordPress 5.5 Beta 2 is now available!
This software is still in development, so it’s not recommended to run this version on a production site. Consider setting up a test site to play with the new version.
You can test WordPress 5.5 beta 2 in two ways:
WordPress 5.5 is slated for release on August 11th, 2020, and we need your help to get there!
Thank you to all of the contributors that tested the beta 1 development release and provided feedback. Testing for bugs is an important part of polishing each release and a great way to contribute to WordPress. Here are some of the changes since beta 1 to pay close attention to while testing.
Some highlights
Since beta 1, 48 bugs have been fixed. Here is a summary of a few changes included in beta 2:
- 19 additional bugs have been fixed in the block editor (see #23903 and #23905).
- The Dashicons icon font has been updated (see #49913).
- Broken widgets stemming from changes in Beta 1 have been fixed (see #50609).
- Query handling when counting revisions has been improved (see #34560).
- An alternate, expanded view was added for `wp_list_table` (see #49715).
- Some adjustments were made to the handling of default terms for custom taxonomies (see #43517).
Several updates have been made to the block editor. For details, see #23903 and #23905.
Developer notes
WordPress 5.5 has lots of refinements to polish the developer experience. To keep up, subscribe to the Make WordPress Core blog and pay special attention to the developers’ notes for updates on those and other changes that could affect your products.
How to Help
Do you speak a language other than English? Help us translate WordPress into more than 100 languages!
If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you!
If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.
WordPress 5.5 Beta 1 is now available for testing!
This software is still in development, so it’s not recommended to run this version on a production site. Consider setting up a test site to play with the new version.
You can test the WordPress 5.5 beta in two ways:
The current target for final release is August 11, 2020. This is only five weeks away. Your help is needed to ensure this release is tested properly.
Testing for bugs is an important part of polishing the release during the beta stage and a great way to contribute. Here are some of the big changes and features to pay close attention to while testing.
Block editor: features and improvements
WordPress 5.5 will include eleven releases of the Gutenberg plugin, bringing with it a long list of exciting new features. Here are just a few:
- Inline image editing – Crop, rotate, and zoom photos inline right from image blocks.
- Block patterns – Building elaborate pages can be a breeze with new block patterns. Several are included by default.
- Device previews – See how your content will look to users on many different screen sizes.
- End block overwhelm. The new block inserter panel displays streamlined categories and collections. As a bonus, it supports patterns and integrates with the new block directory right out of the box.
- Discover, install, and insert third-party blocks from your editor using the new block directory.
- A better, smoother editing experience with:
  - Refined drag-and-drop
  - Block movers that you can see and grab
  - Parent block selection
  - Contextual focus highlights
  - Multi-select formatting lets you change a bunch of blocks at once
  - Ability to copy and relocate blocks easily
  - And, better performance
- An expanded design toolset for themes.
  - Now add backgrounds and gradients to more kinds of blocks, like groups, columns, media & text
  - And support for more types of measurements — not just pixels. Choose ems, rems, percentages, vh, vw, and more! Plus, adjust line heights while typing, turning writing and typesetting into a seamless act.
In all, WordPress 5.5 brings more than 1,500 useful improvements to the block editor experience.
To see all of the features for each release in detail check out the release posts: 7.5, 7.6, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, and 8.5.
Wait! There’s more!
XML sitemaps
XML Sitemaps are now included in WordPress and enabled by default. Sitemaps are essential to search engines discovering the content on your website. Your site’s home page, posts, pages, custom post types, and more will be included to improve your site’s visibility.
Auto-updates for plugins and themes
WordPress 5.5 also brings auto-updates for plugins and themes. Easily control which plugins and themes keep themselves up to date on their own. It’s always recommended that you run the latest versions of all plugins and themes. The addition of this feature makes that easier than ever!
Lazy-loading images
WordPress 5.5 will include native support for lazy-loaded images utilizing new browser standards. With lazy-loading, images will not be sent to users until they approach the viewport. This saves bandwidth for everyone (users, hosts, ISPs), makes it easier for those with slower internet speeds to browse the web, saves electricity, and more.
Better accessibility
With every release, WordPress works hard to improve accessibility. Version 5.5 is no different and packs a parcel of accessibility fixes and enhancements. Take a look:
- List tables now come with extensive, alternate view modes.
- Link-list widgets can now be converted to HTML5 navigation blocks.
- Copying links in media screens and modal dialogs can now be done with a simple click of a button.
- Disabled buttons now actually look disabled.
- Meta boxes can now be moved with the keyboard.
- A custom logo on the front page no longer links to the front page.
- Assistive devices can now see status messages in the Image Editor.
- The shake animation indicating a login failure now respects the user’s choices in the `prefers-reduced-motion` media query.
- Redundant `Error:` prefixes have been removed from error notices.
Miscellaneous Changes
Keep your eyes on the Make WordPress Core blog for 5.5-related developer notes in the coming weeks, breaking down these and other changes in greater detail.
So far, contributors have fixed more than 360 tickets in WordPress 5.5, including 157 new features and enhancements, and more bug fixes are on the way.
How You Can Help
Do you speak a language other than English? Help translate WordPress into more than 100 languages!
If you think you’ve found a bug, please post to the Alpha/Beta area in the support forums. We would love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac. That’s also where you can find a list of known bugs.
Props to @webcommsat, @yvettesonneveld, @estelaris, and @marybaum for compiling/writing this post, @davidbaumwald for editing/proof reading, and @cbringmann, @desrosj, and @andreamiddleton for final review.
June was an exciting month for WordPress! Major changes are coming to the Gutenberg plugin, and WordCamp Europe brought the WordPress community closer together. Read on to learn more and to get all the latest updates.
WordPress 5.4.2 released
We said hello to WordPress 5.4.2 on June 10. This security and maintenance release features 17 fixes and 4 enhancements, so we recommend that you update your sites immediately. To download WordPress 5.4.2, visit your Dashboard, click on Updates, then Update Now, or download the latest version directly from WordPress.org. For more information, visit this post, review the full list of changes on Trac, or check out the HelpHub documentation page for version 5.4.2. WordPress 5.4.2 is a short-cycle maintenance release. The next major release will be version 5.5, planned for August 2020.
Want to get involved in building WordPress Core? Follow the Core team blog, and join the #core channel in the Making WordPress Slack group.
Gutenberg 8.3 and 8.4
The core team launched Gutenberg 8.3 and 8.4 this month, paving the way for some exciting block editor features. Version 8.3 introduced enhancements like a reorganized, more intuitive set of block categories, a parent block selector, an experimental spacing control, and user-controlled link color options. Version 8.4 comes with new image-editing tools and the ability to edit options for multiple blocks. The block directory search feature, previously available as an experimental feature, is now enabled for all Gutenberg installations. For full details on these Gutenberg releases, visit these posts about 8.3 and 8.4.
Want to get involved in building Gutenberg? Follow the Core team blog, contribute to Gutenberg on GitHub, and join the #core-editor channel in the Making WordPress Slack group.
WordPress Bumps Minimum Recommended PHP Version to 7.2
In a major update, WordPress has bumped the minimum PHP recommendation to 7.2. The ServeHappy API has been updated to set the minimum acceptable PHP version to 7.2, while the WordPress downloads page recommends 7.3 or newer. Previously, the ServeHappy dashboard widget was showing the upgrade notice to users of PHP 5.6 or lower. This decision comes after discussions with the core Site Health team and the Hosting team, both of which recommended that the upgrade notice be shown to users of PHP <=7.1.
WordCamp Europe 2020 Moved Online
Following the success of a remote WordCamp Spain, WordCamp Europe was held fully online from June 4 to 6. The event drew a record 8,600 signups from people based in 138 countries, along with 2,500 signups for contributor day. WCEU Online also showcased 33 speakers and 40 sponsors, in addition to a Q&A with Matt Mullenweg. You can find the videos of the event in WordPress.tv by following this link, or you can catch the live stream recording of the entire event from the WP Europe YouTube Channel.
Want to get involved with the Community team? Follow the Community blog here, or join them in the #community-events channel in the Making WordPress Slack group. To organize a Meetup or WordCamp, visit the handbook page.
Further Reading:
- Josepha Haden (@chanthaboune), the executive director of the WordPress project, published a post that highlights resources on how the global WordPress community can focus on equity to help dismantle racial, societal, and systemic injustice.
- PHP, the primary programming language in which WordPress is written, celebrated its 25th anniversary this month!
- The Community team is updating the WordCamp code of conduct to address discrimination based on age, caste, social class, and other identifying characteristics.
- The WordPress Core team is promoting more inclusive language by updating all git repositories to use `trunk` instead of `master`. Additionally, the team proposes to rename “invalid,” “worksforme,” and “wontfix” ticket resolutions to “not-applicable,” “not-reproducible” or “cannot-reproduce,” and “not-implemented,” respectively.
- The Documentation team is working on an external linking policy and has started a discussion on how to allow linking to trusted sources to benefit users.
- The Core team has put up a proposal to merge extensible core sitemaps to WordPress core in the 5.5 release. The feature is currently available as a feature plugin.
- WordCamp Denver was held online May 26–27. The event sold over 2,400 tickets and featured 27 speakers and 20 sponsors. You can catch the recorded live stream on the event site.
- The Core team is working on updating the version of jQuery used in WordPress core.
Have a story that we should include in the next “Month in WordPress” post? Please submit it here.
WordPress 5.4.2 is now available!
This security and maintenance release features 23 fixes and enhancements. Plus, it adds a number of security fixes—see the list below.
These bugs affect WordPress versions 5.4.1 and earlier; version 5.4.2 fixes them, so you’ll want to upgrade.
If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the bugs for you.
Security Updates
WordPress versions 5.4 and earlier are affected by the following bugs, which are fixed in version 5.4.2. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.
- Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.
- Props to Luigi – (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
- Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().
- Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads.
- Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation.
- Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.
Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked.
One maintenance update was also deployed to versions 5.1, 5.2 and 5.3. See the related developer note for more information.
You can browse the full list of changes on Trac.
For more info, browse the full list of changes on Trac or check out the Version 5.4.2 documentation page.
WordPress 5.4.2 is a short-cycle maintenance release. The next major release will be version 5.5.
You can download WordPress 5.4.2 from the button at the top of this page, or visit your Dashboard → Updates and click Update Now.
If you have sites that support automatic background updates, they’ve already started the update process.
Thanks and props!
In addition to the security researchers mentioned above, thank you to everyone who helped make WordPress 5.4.2 happen:
Andrea Fercia, argentite, M Asif Rahman, Jb Audras, Ayesh Karunaratne, bdcstr, Delowar Hossain, Rob Migchels, donmhico, Ehtisham Siddiqui, Emilie LEBRUN, finomeno, garethgillman, Giorgio25b, Gabriel Maldonado, Hector F, Ian Belanger, Aaron Jorbin, Mathieu Viet, Javier Casares, Joe McGill, jonkolbert, Jono Alderson, Joy, Tammie Lister, Kjell Reigstad, KT, markusthiel, Mayank Majeji, Mel Choyce-Dwan, mislavjuric, Mukesh Panchal, Nikhil Bhansi, oakesjosh, Dominik Schilling, Arslan Ahmed, Peter Wilson, Carolina Nymark, Stephen Bernhardt, Sam Fullalove, Alain Schlesser, Sergey Biryukov, skarabeq, Daniel Richards, Toni Viemerö, suzylah, Timothy Jacobs, TeBenachi, Jake Spurlock and yuhin.
Over the past week, I’ve been thinking a lot about George Floyd, Breonna Taylor, and Ahmaud Arbery. I have been thinking about white supremacy, the injustice that Black women and men are standing up against across the world, and all the injustices I can’t know, and don’t see.
The WordPress mission is to democratize publishing, and to me, that has always meant more than the freedom to express yourself. Democratizing publishing means giving voices to the voiceless and amplifying those speaking out against injustice. It means learning things that we otherwise wouldn’t. To me, it means that every voice has the ability to be heard, regardless of race, wealth, power, and opportunity. WordPress is a portal to commerce; it is a canvas for identity, and a catalyst for change.
While WordPress as an open source project may not be capable of refactoring unjust judicial systems or overwriting structural inequality, this does not mean that we, the WordPress community, are powerless. WordPress can’t dismantle white supremacy, but the WordPress community can invest in underrepresented groups (whose experiences cannot be substituted for) and hire them equitably. WordPress can’t eradicate prejudice, but the WordPress community can hold space for marginalized voices in our community.
There is a lot of racial, societal, and systemic injustice to fight. At times, change may seem impossible, and certainly, it’s been too slow. But I know in my heart that the WordPress community is capable of changing the world.
If you would like to learn more about how to make a difference in your own community, here are a few resources I’ve gathered from WordPressers just like you.
May was an action-packed month for WordPress! WordPress organizers are increasingly moving WordCamps online, and contributors are taking big steps towards Full Site Editing with Gutenberg. To learn more and get all the latest updates, read on.
Gutenberg 8.1 and 8.2
Gutenberg 8.1 was released on May 13, followed quickly by Gutenberg 8.2 on May 27.
- 8.1 added new block pattern features making it easier to insert desired patterns, along with a new pattern. It also added a button to collapsed block actions for copying the selected block, which will help touchscreen users or users who don’t use keyboard shortcuts.
- 8.2 introduced block pattern categories and a `viewportWidth` property that will be particularly useful for large block patterns. There is also a new content alignment feature, and enhancements to improve the writing experience.
Both releases include a number of new APIs, enhancements, bug fixes, experiments, new documentation, improvement to code quality, and more! To learn the latest, visit the announcement posts for Gutenberg 8.1 and Gutenberg 8.2.
Want to get involved in building Gutenberg? Follow the Core team blog, contribute to Gutenberg on GitHub, and join the #core-editor channel in the Making WordPress Slack group.
Gutenberg Phase 2: Steps Towards Full Site Editing
Contributors are currently working hard on Phase 2 of Gutenberg! Where Phase 1 introduced the new block editor with WordPress 5.0, Phase 2 sees more customization and includes one of the biggest Gutenberg projects: Full Site Editing (FSE). At the moment, work on WordPress 5.5 has been initiated and contributors decided to include basic functionality for Full Site Editing in this release. FSE hopes to streamline the site creation and building process in WordPress using a block-based approach. There’s a lot of conversation and new information about FSE, so communication around the project is very important. On May 28th, a conversation was held in the #core-customize channel to discuss FSE and the future of the Customizer. To help everyone track the latest information, this post summarizes ways to keep up with FSE.
Want to get involved with Gutenberg and FSE? Follow the Core team blog and join the #core-editor channel in the Making WordPress Slack group. You can also check the FSE pull requests and issues on GitHub.
Theme Review Team Rebranding
Representatives of the Themes Review Team have decided to update their team name to “Themes Team.” This decision reflects changes that the block editor brings to the landscape of themes with the Full Site Editing project. The team has always been involved in projects beyond reviewing WordPress.org themes and lately, the team has been contributing more to themes in general — including open-source packages, contributions to Full Site Editing, the Twenty Twenty theme, and more. You can read more about the name change in the team’s meeting notes.
Want to get involved with the Themes Team? Follow the Themes blog here, or join them in the #themereview channel in the Making WordPress Slack group.
Online WordCamp Program Announced
To assist organizers with moving their WordCamps online, the WordPress Community team has prepared a new set of guidelines for online WordCamps. The Community Team will cover online production and captioning costs associated with any online WordCamp without the need for local sponsorship. The team also updated its guidelines to cover the regional focus of online events, and modified the code of conduct to cater to the new format. The WordCamp schedule has also been updated to indicate whether an event is taking place online or not. You can find resources, tools, and information about online WordPress events in our Online Events Handbook. They have also prepared a new set of guidelines for in-person events taking place in 2020, in the light of COVID-19 challenges.
Want to get involved with the Community team? Follow the Community blog here, or join them in the #community-events channel in the Making WordPress Slack group. To organize a Meetup or WordCamp, visit the handbook page.
BuddyPress 6.0.0 “iovine’s”
On May 13th, BuddyPress 6.0.0, known as “iovine’s,” was released. This release includes two new blocks for the WordPress Editor: Members and Groups. It also saw the completion of the BP REST API, adding the six remaining endpoints, and the move of local avatar management to the Members component. Beyond that, 6.0.0 includes more than 80 changes, made possible by 42 contributors.
Want to download this latest version of BuddyPress? Get it here. You can also help by translating BuddyPress into another language or letting the team know of any issues you find in the support forums.
WordCamp Spain Online Concludes Successfully
WordPress Meetup organizers in Spain joined hands to organize WordCamp Spain online from May 6 to 9, which proved to be a huge success. The event had more than 5,500 attendees, 60 speakers, and 16 sponsors. Over 200 people from around the world participated in the Contributor Day. Matt Mullenweg hosted an AMA for the participants, facilitated by Mattias Ventura’s on-the-spot Spanish translation.
If you missed the event, you can watch videos from WordCamp Spain online at WordPress.TV. Want to organize a regional WordCamp? Learn more about that here!
Further Reading:
Have a story that we should include in the next “Month in WordPress” post? Please submit it here.
April continued to be a challenging time for the WordPress community, with many under stay-at-home recommendations. However, it was also an exciting month in which we created new ways to connect with and inspire each other! This month, amazing contributors moved more WordCamps online and shipped new releases for WordPress and Gutenberg. For the latest, read on.
WordPress 5.4.1 released
On April 24th, WordPress 5.4.1 Release Candidate 1 (RC1) was released for testing, quickly followed by the official release of WordPress 5.4.1 on April 29th. This security release features 17 bug fixes and seven security fixes, so we recommend updating your sites immediately. To download WordPress 5.4.1, visit your Dashboard, click on Updates, then Update Now, or download the latest version directly from WordPress.org. For more information, visit this post, review the full list of changes on Trac, or check out the version 5.4.1 HelpHub documentation page.
Want to get involved in building WordPress Core? Follow the Core team blog, and join the #core channel in the Making WordPress Slack group.
Gutenberg 7.9 and 8.0 released
It was another exciting month for Gutenberg, with the release of 7.9 and 8.0! Version 7.9 brought new block design tools, three new patterns, and improved block markup. Gutenberg 8.0 continued to refine the new block patterns feature, with additional options for inline formatting, and extending the functionality of the Code Editor. In addition to these new features, both releases included new enhancements and APIs, along with a number of bug fixes, performance improvements, some experiments, and more! You can read all the details about the latest Gutenberg releases in the announcement posts for 7.9 and 8.0.
Want to get involved in building Gutenberg? Follow the Core team blog, contribute to Gutenberg on GitHub, and join the #core-editor channel in the Making WordPress Slack group.
BuddyPress 6.0.0
BuddyPress 6.0.0-beta2 was released for testing in mid-April, leading to the BuddyPress 6.0.0 Release Candidate, announced on April 29. This is an important step before the final release of BuddyPress 6.0.0, which is slated for Thursday, May 14. Changes and new features in this release include moving the profile photo and user cover image under the BP Members component, and a new BP Rest API. Additionally, this release will introduce the first round of BuddyPress Blocks! Last, but not least, BuddyPress 6.0.0 will require at least PHP 5.6 and WordPress 4.8.
Want to get involved? Test the 6.0.0-RC here! You can also help by translating BuddyPress into another language, or let the team know of any issues you find, either in the support forums and/or in their development tracker.
WordCamp US goes online, apply to speak!
WordCamp US will take place online due to the COVID-19 pandemic. The event still runs from October 27-29, 2020, and will be free to anyone who wishes to attend. The team plans to offer what WCUS has historically brought to the community in person: sessions and workshops, Contributor Day, a hallway track, and of course, State of the Word.
Interested in speaking at WCUS? The Call for Speakers is still open! You can apply to speak on the speaker application site until May 31, 2020 at 11:59 pm CDT (UTC-5).
Additionally, the Call for Cities is also open. If your community is interested in hosting WordCamp US in 2021 & 2022, please fill out this application.
For the latest information about WordCamp US, sign up for updates on the website, or follow Facebook, Twitter, or Instagram.
WordCamp Europe 2020 goes virtual
Last month, WordCamp Europe decided to postpone its Porto event to 2021. This April, the WCEU organizing team announced that the 2020 WordCamp will be online! WordCamp Europe 2020 Online will take place from June 4-6, 2020, and tickets will be free. There will be a virtual Contributor Day on June 4, and then two half days of live-streamed talks and workshops. To participate, get your free ticket here.
To get the latest news for WordCamp Europe 2020 Online, follow on Facebook, Twitter, LinkedIn, or on Instagram.
Further Reading
Have a story that we should include in the next “Month in WordPress” post? Please submit it here.
WordPress 5.4.1 is now available!
This security and maintenance release features 17 bug fixes in addition to 7 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated.
WordPress 5.4.1 is a short-cycle security and maintenance release. The next major release will be version 5.5.
You can download WordPress 5.4.1 by downloading from WordPress.org, or visit your Dashboard → Updates and click Update Now.
If you have sites that support automatic background updates, they’ve already started the update process.
Security Updates
Seven security issues affect WordPress versions 5.4 and earlier. If you haven’t yet updated to 5.4, all WordPress versions since 3.7 have also been updated to fix the following security issues:
- Props to Muaz Bin Abdus Sattar and Jannes who both independently reported an issue where password reset tokens were not properly invalidated.
- Props to ka1n4t for finding an issue where certain private posts can be viewed unauthenticated.
- Props to Evan Ricafort for discovering an XSS issue in the Customizer.
- Props to Ben Bidner from the WordPress Security Team who discovered an XSS issue in the search block.
- Props to Nick Daugherty from WordPress VIP / WordPress Security Team who discovered an XSS issue in `wp-object-cache`.
- Props to Ronnie Goodrich (Kahoots) and Jason Medeiros who independently reported an XSS issue in file uploads.
- Props to Weston Ruter for fixing a stored XSS vulnerability in the WordPress customizer.
- Additionally, an authenticated XSS issue in the block editor was discovered by Nguyen The Duc (ducnt) in WordPress 5.4 RC1 and RC2. It was fixed in 5.4 RC5. We wanted to be sure to give credit and thank them for all of their work in making WordPress more secure.
Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked.
For more information, browse the full list of changes on Trac, or check out the version 5.4.1 HelpHub documentation page.
In addition to the security researchers mentioned above, thank you to everyone who helped make WordPress 5.4.1 happen:
Alex Concha, Andrea Fercia, Andrew Duthie, Andrew Ozz, Andy Fragen, Andy Peatling, arnaudbroes, Chris Van Patten, Daniel Richards, DhrRob, Dono12, dudo, Ehtisham Siddiqui, Ella van Durpe, Garrett Hyder, Ian Belanger, Ipstenu (Mika Epstein), Jake Spurlock, Jb Audras, John Blackbourn, John James Jacoby, Jonathan Desrosiers, Jorge Costa, K. Adam White, Kelly Choyce-Dwan, MarkRH, mattyrob, Miguel Fonseca, Mohammad Jangda, Mukesh Panchal, Nick Daugherty, noahtallen, Paul Biron, Peter Westwood, Peter Wilson, pikamander2, r-a-y, Riad Benguella, Robert Anderson, Samuel Wood (Otto), Sergey Biryukov, Søren Brønsted, Stanimir Stoyanov, tellthemachines, Timothy Jacobs, Toro_Unit (Hiroshi Urabe), treecutter, and yohannp.