1. WordPress 5.3.2 Maintenance Release

WordPress 5.3.2 Maintenance Release

WordPress 5.3.2 was released on 18 December 2019.

5.3.2 is a maintenance release that includes 5 bug fixes and enhancements – including improvements to the Site Health feature.

What does it fix?

Issues fixed in the WordPress 5.3.2 Maintenance Release include:

For the full list of changes see

https://core.trac.wordpress.org/query?status=closed&type=!task+(blessed)&resolution=fixed&milestone=5.3.2&col=id&col=summary&col=owner&col=type&col=priority&col=component&col=version&order=priority

How to install update?

As a minor release, by default, the update will install automatically.

If this has been disabled you will need to install by logging into your WordPress administration console and go to the Dashboard -> Updates page.

WordPress 5.3.1 Security and Maintenance Release

WordPress 5.3.1 was released on 13 December 2019.

WordPress 5.3.1 is a security release which addresses four security issues.

As with any security release – it’s important that you update immediately.

What does it fix?

Security issues fixed in the WordPress 5.3.1:

  • a bug where an unprivileged user could make a post sticky via the REST API
  • a bug where cross-site scripting (XSS) could be stored in well-crafted links
  • a XSS vulnerability using Gutenberg block edito
  • hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute

There were also 48 maintenance updates covering the block editor, Twenty Twenty bundled theme, accessibility, Admin CSS, internationalization, media library and date/time handling.

How to install update?

As a minor release, by default, the update will install automatically.

If this has been disabled you will need to install by logging into your WordPress administration console and go to the Dashboard -> Updates page.

WordPress 5.3 “Kirk” Release

WordPress 5.3 was released on 12 November 2019.

5.3 is a major release that includes 386 bug fixes and 151 enhancements.

Code named “Kirk” in honour of jazz musician Rahsaan Roland Kirk.

It brings significant new features:

  • improved wp-admin accessibility
  • 150 Gutenberg editor enhancements
  • automatic image rotation (plus more!)
  • improved Site Health
  • administration email verification
  • improved PHP 7.4 support
  • improved timezone date and time functionality

Improved wp-admin accessibility

52 accessibility updates were made in WordPress 5.3.

The most noticeable are changes to:

  • color contrasts on form fields and buttons
  • focus styles on form fields and buttons
  • content behavior on text zoom

150 Gutenberg editor enhancements

Updates to the new “Gutenberg” block editor continue with WordPress 5.3 – with a massive 150 enhancements introduced.

Updates were focused on usability, accessibility and image handling.

For more information see Block Editor Theme-related updates in WordPress 5.3.

Automatic image rotation (plus more!)

WordPress will now attempt to automatically rotate images using image orientation EXIF meta-data.

How uploaded images are handled by WordPress was also changed to decrease server load and avoid critical errors which would previously fail multiple images being uploaded when only one failed.

For more information see Updates to Image Processing in WordPress 5.3.

Improved Site Health

31 updates were made to the Site Health feature – which informs WordPress administrators of performance and security issues for the install – with a focus on server health such as PHP version.

Most notable is the change to the health grading – which was a percentage. There were concerns that the percentage indicator was misleading.

The health grading now shows one of two statuses – needs improvement and good.

And the WSOD emails can now include basic debug information – with a filter for plugin and theme developers to add their own logs.

For more information see What’s new in Site Health for WordPress 5.3.

Administration email verification

Administrators will now periodically be prompted to confirm their email is still valid. Which will reduce the risk of loosing access to a WordPress site through not knowing the administrator login details.

This prompt appears when administrators log in to wp-admin.

Improved PHP 7.4 support

WordPress 5.3 included 5 updates addressing PHP 7.4 support.

This involved depreciating functions which are no longer supported in PHP 7.4.

As a consequence – the native PHP JSON extension is now required to run WordPress.

Improved timezone date and time functionality

Now that the minimum supported PHP version has raised – timezone date and time handling can be moderized to improve this basic, but important, functionality.

The wp_date() function has been introduced which provides a completely new way to handle date localisation.

For more information see Date/Time component improvements in WordPress 5.3.

How to install the update?

As a major release 5.3 will need to be installed manually.

You will need to install by logging into your WordPress administration console and go to the Dashboard -> Updates page.

As always, backing up the site before installing updates is highly recommended.

WordPress 5.2.4 Security Release

WordPress 5.2.4 was released on 14 October 2019.

WordPress 5.2.4 is a security release which addresses six security issues and two bugs.

As with any security release – it’s important that you update immediately.

What does it fix?

Security issues fixed in the WordPress 5.2.4 Security Release:

  • a bug that allowed the theme Customizer to store XSS (cross-site scripting)
  • a bug that allowed viewing unauthenticated posts
  • a bug that allowed XSS to inject JavaScript into style tags
  • a bug that provided a way to poison the cache of JSON GET requests via the Vary: Origin header
  • server-side request forgery in the way that URLs are validated
  • Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin

Bugs fixed:

How to install update?

As a minor release, by default, the update will install automatically.

If this has been disabled you will need to install by logging into your WordPress administration console and go to the Dashboard -> Updates page.

WordPress 5.2.3 Security Release

WordPress 5.2.3 was released on 4 September 2019.

WordPress 5.2.3 is a security release which addresses several cross-site scripting (XSS) vulnerabilities, a patch for jQuery to and includes 28 bug fixes.

As with any security release – it’s important that you update immediately.

What does it fix?

Issues fixed in the WordPress 5.2.3 Security Release:

As well as several other fixes.

How to install update?

As a minor release, by default, the update will install automatically.

If this has been disabled you will need to install by logging into your WordPress administration console and go to the Dashboard -> Updates page.

WordPress 5.2.2 Maintenance Release

WP 5.2.2WordPress 5.2.2 was released today.

5.2.2 is a maintenance release that includes 13 bug fixes and enhancements – including improvements to the Site Health feature.

What does it fix?

Issues fixed in the WordPress 5.2.2 Maintenance Release include:

For the full list of changes see

https://core.trac.wordpress.org/query?status=closed&resolution=fixed&milestone=5.2.2&order=priority

How to install update?

As a minor release, by default, the update will install automatically.

If this has been disabled you will need to install by logging into your WordPress administration console and go to the Dashboard -> Updates page.

WordPress 5.2.1 Maintenance Release

WordPress 5.2.1 was released today.

5.2.1. is a maintenance release that includes 33 bug fixes and enhancements – including improvements to the block editor, accessibility, internationalization, and the Site Health feature.

What does it fix?

Issues fixed in the WordPress 5.2.1 Maintenance Release include:

For the full list of changes see

https://core.trac.wordpress.org/query?status=closed&resolution=fixed&milestone=5.2.1&order=priority

How to install update?

As a minor release, by default, the update will install automatically.

If this has been disabled you will need to install by logging into your WordPress administration console and go to the Dashboard -> Updates page.

WordPress 5.2 “Jaco” Release

WordPress 5.2 was released earlier this week, on 7 May 2019.

5.2 is a major release that includes 229 bug fixes and 59 enhancements.

It brings significant new features:

  • Site Health
  • PHP fatal recovery (WSOD protection)
  • Update package signing
  • Gutenberg updates
  • wp-admin accessibility updates
  • New dashboard icons
  • Plugin compatibility checks
  • Core widgets converted to blocks

Site Health

The new Site Health feature is one of the best things to be added to WordPress for a long time.

It gives administrators:

  • updates recommendations – for both the server (PHP version and HTTPS) and WordPress
  • maintenance recommendations (e.g. remove inactive plugins and themes)
  • configuration and health checks (e.g. background update checks working)
  • a place to view, copy, and share important debug information

It can be accessed from the wp-admin in the Tools -> Site Health menu.

PHP fatal recovery (WSOD protection)

Previous to WordPress 5.2 – when WordPress experienced a fatal error it would stop working – showing what was known as the “white screen of death” (WSOD).

WordPress 5.2 changes how this happens – instead front end users will see an error message which reads

The site is experiencing technical difficulties.

and the site administrator will receive an email notifying of the error and include a special link to access the wp-admin in “recovery mode”. This allows the site administrator to safely fix or manage fatal errors without needing access to the server.

For more information on how this works see Fatal Error Recovery Mode in 5.2 and Site Health Check in 5.2.

Update package signing

WordPress 5.2 includes the first part of the “update package signing” feature – which will ensure updates to WordPress, plugins and themes are downloaded correctly before they are installed.

This will be tested with the next WordPress 5.2.x release.

Future updates will include error detection and fallback mechanisms as well as making UI options will be added.

Gutenberg updates

WordPress 5.2 continues the development of the new “Gutenberg” editor – including performance and UX improvements.

  • No more TinyMCE in blocks
  • Block Management UI
  • Performance more than doubled in async mode
  • All widgets ported to blocks
  • A lot of improvements to existing blocks (cover block with inner blocks, focal point picker,…)
  • Stability improvements
  • Zero-config scripts to help authors create blocks

For the full list and details see What’s new in Gutenberg? (17th April).

wp-admin accessibility updates

WordPress 5.2 includes various accessibility updates to the wp-admin.

These updates improve the HTML markup used to present information in the wp-admin.

For more information see Notable Accessibility Changes in 5.2.

New dashboard icons

After three years of no changes to dashboard icons – 13 new icons have been added as well as 18 that were previously unavailable due to missing css declarations.

Plugin compatibility checks

Since 2017 the WordPress plugin directory has allowed plugin developers to specify the minimum supported PHP version – but this was not enforced in WordPress, allowing users to install incompatible plugins.

WordPress 5.2 will now use this information to determine if your site’s version of PHP is compatible.

If the plugin requires a higher version of PHP than your site currently uses, WordPress will not allow you to activate it, preventing potential compatibility errors.

Core widgets converted to blocks

All default widgets are now available in Gutenberg as blocks.

This paves the way for the Gutenberg interface to be used in other areas of WordPress – such as the widget editor.

How to install the update?

As a major release 5.2 will need to be installed manually.

You will need to install by logging into your WordPress administration console and go to the Dashboard -> Updates page.

As always, backing up the site before installing updates is highly recommended.

WordPress raises minimum PHP version to 5.6

With the launch of WordPress 5.2 the minimum supported PHP version has been raised to PHP 5.6.

WordPress hosted on servers with less than PHP 5.6 will no longer be able to update and will see an error which reads

Your server is running PHP version 5.5.38 but WordPress 5.2 requires at least 5.6.20.

Since 2017 the WordPress community has been working towards raising the supported PHP version. This began with creating the servehappy project.

While PHP 5.6 is considered end-of-life – because it no longer receives maintenance or security fixes – this is still a big step forward for WordPress.

Eventually WordPress will only support the PHP versions that are receiving maintenance and security updates. However, this needs to be a slow and incremental process to as one of the core tenets of WordPress is backwards compatibility.

The next version bump will be the most significant – affecting the most WordPress installations with 31.3% currently using PHP 5.6.

This is expected to be in December 2019 and will go to PHP 7.0.

The benefits of running the latest version of PHP goes beyond security – it also allows developers to use new features and improved load speeds.