WordPress has evolved over the years and has proved to be a robust content management system. The platform contributes a share of 14.7% in the top 100 websites across the globe and it wouldn’t be hype if we say, WordPress never sleeps. Like really!!

It constantly updates and improves to create a better experience for the audience. It has the capacity to handle an enormous amount of traffic over the platform and publishes over 70 million posts every month. The number is no joke, right?

Having said that, it is their prime responsibility to handle all the bugs and acknowledge them at the earliest. The internet would be slowed down if any of the security breaches is left unattended by the WordPress development officials. And hence, WordPress released two major releases in the recent past. The release rolled out on 13th Dec’19 acknowledges some security and maintenance fix.

To be specific, this update contains 46 enhancement features, some of which are visible to the users and some are not. It has fixed a number of security fixes and you can download this version easily from the Dashboard by selecting the “Update Now” option.

However, for the websites that have automated the update process, the version is already in use for them.
The security breaches found with WordPress 5.3 has been resolved in this version 5.3.1. List of security breaches that have been resolved are:

1. An underprivileged user was able to make a post sticky with REST API. This issue was acknowledged by Daniel Bachhuber.
2. Cross-Site Scripting (XSS) could be restored in well-crafted links. This issue was identified by Simon Scannel and has been resolved in the update.
3. wp_kses_bad_protocol() is hardened to ensure the name colon attribute. Thanks to the WordPress.org security team.
4. Thanks to Nguyen The Duc who discovered a stored XSS vulnerability using the block editor.

The maintenance updates in the version are as follows:

• Administrator control level improvements have been done which allows admin to control height, alignment standardization, dashboard widget links accessibility, alternate color scheme and more.
• Block editor has been updated which fixed edge scrolling issues and intermittent JavaScript issues.
• Bundled themes updated with a customizer option for showing or hiding the author bio, replace JS-based smooth scroll with CSS and also fixed the Instagram embed CSS.
• Date/time: improve non-GMT dates calculation, fix date format output in specific languages and make get_permalink() more resilient against PHP timezone changes.
• Embeds: remove CollegeHumor oEmbed provider as the service doesn’t exist anymore.
• External libraries: update sodium_compat.
• Site health: allow the remind interval for the admin email verification to be filtered.
• Uploads: avoid thumbnails overwriting other uploads when filename matches, and exclude PNG images from scaling after upload.
• Users: ensure administration email verification uses the user’s locale instead of the site locale.

There are certain maintenance updates in the version 5.3.2, find out which are they. It is a short-cycle maintenance release and the new version 5.4 will be released soon. For downloading this version, go to Dashboard and click Update Now option. Same as above, if your site has automatic background updates, it would start using the version automatically.

The maintenance issue updates that have been resolved are:

• Date/Time: Ensure that get_feed_build_date() correctly handles a modified post object with invalid date.
• Uploads: Fix file name collision in wp_unique_filename() when uploading a file with uppercase extension on non case-sensitive file systems.
• Media: Fix PHP warnings in wp_unique_filename() when the destination directory is unreadable.
• Administration: Fix the colors in all color schemes for buttons with the .active class.
• Posts, Post Types: In wp_insert_post(), when checking the post date to set future or publish status, use a proper delta comparison.

It is always advisable to keep the site updated and bugs fixed for the smooth functioning of the WordPress website. You can always reach out to a WordPress development service provider and get the assistance for your site.

Pankaj Sakariya

December 30, 2019