WordPress 5.3.1 is a security release which addresses four security issues.
As with any security release – it’s important that you update immediately.
What does it fix?
Security issues fixed in WordPress 5.3.1:
a bug where an unprivileged user could make a post sticky via the REST API
a bug where cross-site scripting (XSS) could be stored in well-crafted links
an XSS vulnerability using the Gutenberg block editor
hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute
There were also 48 maintenance updates covering the block editor, Twenty Twenty bundled theme, accessibility, Admin CSS, internationalization, media library and date/time handling.
How to install the update?
As a minor release, by default, the update will install automatically.
If this has been disabled, you will need to install it by logging in to your WordPress administration console and going to the Dashboard -> Updates page.
WordPress will now attempt to automatically rotate images using image orientation EXIF meta-data.
The way WordPress handles uploaded images was also changed to decrease server load and to avoid critical errors that previously caused multiple uploads to fail when only one image failed.
31 updates were made to the Site Health feature – which informs WordPress administrators of performance and security issues for the install – with a focus on server health such as PHP version.
Most notable is the change to the health grading – which was a percentage. There were concerns that the percentage indicator was misleading.
The health grading now shows one of two statuses – needs improvement and good.
Administrators will now periodically be prompted to confirm their email is still valid. This will reduce the risk of losing access to a WordPress site through not knowing the administrator login details.
This prompt appears when administrators log in to wp-admin.
Now that the minimum supported PHP version has been raised, timezone, date and time handling can be modernized to improve this basic, but important, functionality.
The wp_date() function has been introduced which provides a completely new way to handle date localisation.
WordPress 5.2.3 is a security release which addresses several cross-site scripting (XSS) vulnerabilities, includes a patch for jQuery, and includes 28 bug fixes.
As with any security release – it’s important that you update immediately.
What does it fix?
Issues fixed in the WordPress 5.2.3 Security Release:
5.2.1 is a maintenance release that includes 33 bug fixes and enhancements, including improvements to the block editor, accessibility, internationalization, and the Site Health feature.
What does it fix?
Issues fixed in the WordPress 5.2.1 Maintenance Release include:
The new Site Health feature is one of the best things to be added to WordPress for a long time.
It gives administrators:
update recommendations – for both the server (PHP version and HTTPS) and WordPress
maintenance recommendations (e.g. remove inactive plugins and themes)
configuration and health checks (e.g. background update checks working)
a place to view, copy, and share important debug information
It can be accessed from the wp-admin in the Tools -> Site Health menu.
PHP fatal recovery (WSOD protection)
Prior to WordPress 5.2, when WordPress experienced a fatal error it would stop working, showing what was known as the “white screen of death” (WSOD).
WordPress 5.2 changes how this happens. Instead, front-end users will see an error message which reads
The site is experiencing technical difficulties.
and the site administrator will receive an email notifying them of the error, which includes a special link to access wp-admin in “recovery mode”. This allows the site administrator to safely fix or manage fatal errors without needing access to the server.
WordPress 5.2 includes the first part of the “update package signing” feature – which will ensure updates to WordPress, plugins and themes are downloaded correctly before they are installed.
This will be tested with the next WordPress 5.2.x release.
Future updates will include error detection and fallback mechanisms, and UI options will be added.
Gutenberg updates
WordPress 5.2 continues the development of the new “Gutenberg” editor – including performance and UX improvements.
No more TinyMCE in blocks
Block Management UI
Performance more than doubled in async mode
All widgets ported to blocks
A lot of improvements to existing blocks (cover block with inner blocks, focal point picker,…)
After three years of no changes to dashboard icons, 13 new icons have been added, as well as 18 that were previously unavailable due to missing CSS declarations.
WordPress 5.2 will now use this information to determine if your site’s version of PHP is compatible.
If the plugin requires a higher version of PHP than your site currently uses, WordPress will not allow you to activate it, preventing potential compatibility errors.
Core widgets converted to blocks
All default widgets are now available in Gutenberg as blocks.
This paves the way for the Gutenberg interface to be used in other areas of WordPress – such as the widget editor.
How to install the update?
As a major release, 5.2 will need to be installed manually.
You will need to install it by logging in to your WordPress administration console and going to the Dashboard -> Updates page.
As always, backing up the site before installing updates is highly recommended.
With the launch of WordPress 5.2 the minimum supported PHP version has been raised to PHP 5.6.
WordPress sites hosted on servers running a PHP version lower than 5.6 will no longer be able to update and will see an error which reads
Your server is running PHP version 5.5.38 but WordPress 5.2 requires at least 5.6.20.
Since 2017 the WordPress community has been working towards raising the supported PHP version. This began with creating the servehappy project.
While PHP 5.6 is considered end-of-life – because it no longer receives maintenance or security fixes – this is still a big step forward for WordPress.
Eventually WordPress will only support the PHP versions that are receiving maintenance and security updates. However, this needs to be a slow and incremental process, as one of the core tenets of WordPress is backwards compatibility.
The next version bump will be the most significant – affecting the most WordPress installations with 31.3% currently using PHP 5.6.