WordPress 5.2.4 Update

https://wordpress.org/news/2019/11/wordpress-5-2-4-update/
Late-breaking news on the 5.2.4 short-cycle security release that landed October 14. When we released the news post, I inadvertently missed giving props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where path traversal can lead to remote code execution. Simon has done a great deal of work on the WordPress project, and failing to mention his contributions is a huge oversight on our end. Thank you to all of the reporters for privately disclosing vulnerabilities, which gave us time to fix them before WordPress sites could be attacked.

WordPress 5.3 “Kirk”

https://wordpress.org/news/2019/11/kirk/
Introducing our most refined user experience with the improved block editor in WordPress 5.3! Named “Kirk” in honour of jazz multi-instrumentalist Rahsaan Roland Kirk, the latest and greatest version of WordPress is available for download or update in your dashboard. 5.3 expands and refines the block editor with more intuitive interactions and improved accessibility. New features in the editor increase design freedoms, provide additional layout options and style variations to allow designers more control over the look of a site. This release also introduces the Twenty Twenty theme giving the user more design flexibility and integration with the block editor. […]

WordPress 5.2.4 Security Release

https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
WordPress 5.2.4 is now available! This security release fixes 6 security issues. WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2. Security Updates Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer. Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts. Props to Weston Ruter for finding a way to create a stored XSS to inject Javascript into style tags. Props to David Newman […]

WordPress 5.2.3 Security and Maintenance Release

https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/
WordPress 5.2.3 is now available! This security and maintenance release features 29 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. These bugs affect WordPress versions 5.2.2 and earlier; version 5.2.3 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.2, there are also updated versions of 5.0 and earlier that fix the bugs for you. Security Updates Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting (XSS) vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored […]

WordPress 5.2.2 Maintenance Release

https://wordpress.org/news/2019/06/wordpress-5-2-2-maintenance-release/
WordPress 5.2.2 is now available! This maintenance release fixes 13 bugs and adds a little bit of polish to the Site Health feature that made its debut in 5.2. For more info, browse the full list of changes on Trac or check out the Version 5.2.2 documentation page. WordPress 5.2.2 is a short-cycle maintenance release. The next major release will be version 5.3; check make.wordpress.org/core for details as they happen. JB Audras, Justin Ahinon and Mary Baum co-led this release, with invaluable guidance from our Executive Director, Josepha Haden Chomphosy, and contributions from 30 other contributors. Thank you to everyone who made […]

WordPress 5.2.1 Maintenance Release

https://wordpress.org/news/2019/05/wordpress-5-2-1-maintenance-release/
WordPress 5.2.1 is now available! This maintenance release fixes 33 bugs, including improvements to the block editor, accessibility, internationalization, and the Site Health feature introduced in 5.2. You can browse the full list of changes on Trac. WordPress 5.2.1 is a short-cycle maintenance release. Version 5.2.2 is expected to follow in approximately two weeks. You can download WordPress 5.2.1 or visit Dashboard → Updates and click Update Now. Sites that support automatic background updates have already started to update automatically. Jonathan Desrosiers and William Earnhardt co-led this release, with contributions from 52 other contributors. Thank you to everyone that made this release possible! Alex […]

Minimum PHP Version update

https://wordpress.org/news/2019/04/minimum-php-version-update/
WordPress 5.2 is targeted for release at the end of this month, and with it comes an update to the minimum required version of PHP. WordPress will now require a minimum of PHP 5.6.20. Beginning in WordPress 5.1, users running PHP versions below 5.6 have had a notification in their dashboard that includes information to help them update PHP. Since then, the WordPress stats have shown an increase in users on more recent versions of PHP. The dashboard widget users see if running an outdated version of PHP Why You Should Update PHP If your site is running on an […]

WordPress 5.1.1 Security and Maintenance Release

https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
WordPress 5.1.1 is now available! This security and maintenance release introduces 10 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2. This release also includes a pair of security fixes that handle how comments are filtered and then stored in the database. With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting. WordPress versions 5.1 and earlier are affected by these bugs, which are fixed in version 5.1.1. Updated versions of WordPress 5.0 and earlier are also available for any users who have not yet updated to […]

WordPress 5.0.2 Maintenance Release

https://wordpress.org/news/2018/12/wordpress-5-0-2-maintenance-release/
WordPress 5.0.2 is now available! 5.0.2 is a maintenance release that addresses 73 bugs. The primary focus of this release was performance improvements in the block editor: the cumulated performance gains make it 330% faster for a post with 200 blocks. Here are a few of the additional highlights: 45 total Block Editor improvements are included (14 performance enhancements & 31 bug fixes). 17 Block Editor related bugs have been fixed across all of the bundled themes. Some internationalization (i18n) issues related to script loading have also been fixed. For a full list of changes, please consult the list of […]

WordPress 5.0.1 Security Release

https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
WordPress 5.0.1 is now available. This is a security release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. Plugin authors are encouraged to read the 5.0.1 developer notes for information on backwards-compatibility. WordPress versions 5.0 and earlier are affected by the following bugs, which are fixed in version 5.0.1. Updated versions of WordPress 4.9 and older releases are also available, for users who have not yet updated to 5.0. Karim El Ouerghemmi discovered that authors could alter meta data to delete files that they weren’t authorized to. Simon Scannell of RIPS Technologies discovered […]