WordPress 5.2.4 Update

https://wordpress.org/news/2019/11/wordpress-5-2-4-update/
Late-breaking news on the 5.2.4 short-cycle security release that landed October 14. When we released the news post, I inadvertently missed giving props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where path traversal can lead to remote code execution. Simon has done a great deal of work on the WordPress project, and failing to mention his contributions is a huge oversight on our end. Thank you to all of the reporters for privately disclosing vulnerabilities, which gave us time to fix them before WordPress sites could be attacked.

WordPress 5.3 “Kirk”

https://wordpress.org/news/2019/11/kirk/
Introducing our most refined user experience with the improved block editor in WordPress 5.3! Named “Kirk” in honour of jazz multi-instrumentalist Rahsaan Roland Kirk, the latest and greatest version of WordPress is available for download or update in your dashboard. 5.3 expands and refines the block editor with more intuitive interactions and improved accessibility. New features in the editor increase design freedoms, provide additional layout options and style variations to allow designers more control over the look of a site. This release also introduces the Twenty Twenty theme giving the user more design flexibility and integration with the block editor. […]

WordPress 5.2.4 Security Release

https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
WordPress 5.2.4 is now available! This security release fixes 6 security issues. WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2. Security Updates Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer. Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts. Props to Weston Ruter for finding a way to create a stored XSS to inject Javascript into style tags. Props to David Newman […]

WordPress 5.2.3 Security and Maintenance Release

https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/
WordPress 5.2.3 is now available! This security and maintenance release features 29 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. These bugs affect WordPress versions 5.2.2 and earlier; version 5.2.3 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.2, there are also updated versions of 5.0 and earlier that fix the bugs for you. Security Updates Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting (XSS) vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored […]

WordPress 5.2.2 Maintenance Release

https://wordpress.org/news/2019/06/wordpress-5-2-2-maintenance-release/
WordPress 5.2.2 is now available! This maintenance release fixes 13 bugs and adds a little bit of polish to the Site Health feature that made its debut in 5.2. For more info, browse the full list of changes on Trac or check out the Version 5.2.2 documentation page. WordPress 5.2.2 is a short-cycle maintenance release. The next major release will be version 5.3; check make.wordpress.org/core for details as they happen. JB Audras, Justin Ahinon and Mary Baum co-led this release, with invaluable guidance from our Executive Director, Josepha Haden Chomphosy, and contributions from 30 other contributors. Thank you to everyone who made […]

WordPress 5.2.1 Maintenance Release

https://wordpress.org/news/2019/05/wordpress-5-2-1-maintenance-release/
WordPress 5.2.1 is now available! This maintenance release fixes 33 bugs, including improvements to the block editor, accessibility, internationalization, and the Site Health feature introduced in 5.2. You can browse the full list of changes on Trac. WordPress 5.2.1 is a short-cycle maintenance release. Version 5.2.2 is expected to follow in approximately two weeks. You can download WordPress 5.2.1 or visit Dashboard → Updates and click Update Now. Sites that support automatic background updates have already started to update automatically. Jonathan Desrosiers and William Earnhardt co-led this release, with contributions from 52 other contributors. Thank you to everyone that made this release possible! Alex […]

Minimum PHP Version update

https://wordpress.org/news/2019/04/minimum-php-version-update/
WordPress 5.2 is targeted for release at the end of this month, and with it comes an update to the minimum required version of PHP. WordPress will now require a minimum of PHP 5.6.20. Beginning in WordPress 5.1, users running PHP versions below 5.6 have had a notification in their dashboard that includes information to help them update PHP. Since then, the WordPress stats have shown an increase in users on more recent versions of PHP. The dashboard widget users see if running an outdated version of PHP Why You Should Update PHP If your site is running on an […]