WordPress 5.3.1 is a security release which addresses four security issues.
As with any security release, it’s important that you update immediately.
What does it fix?
Security issues fixed in WordPress 5.3.1:
a bug where an unprivileged user could make a post sticky via the REST API
a bug where cross-site scripting (XSS) could be stored in well-crafted links
an XSS vulnerability using the Gutenberg block editor
hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute
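Why the named colon matters to a protocol filter, as an added example (not WordPress core code and not from the original post): browsers decode the HTML5 entity `&colon;` to `:`, so a scheme check that only recognises the literal and numeric forms of the colon never sees the scheme at all. The function name, the two patterns and the sample URLs are assumptions constructed for illustration.

```php
<?php
// Added illustration; not WordPress core code. All names are hypothetical.

const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];

// A colon can reach the browser as a literal, a decimal or hex character
// reference, or the HTML5 named reference "&colon;".
const COLON_NAIVE    = '/:|&#0*58;|&#x0*3a;/i';          // misses the named form
const COLON_HARDENED = '/:|&#0*58;|&#x0*3a;|&colon;/i';  // knows all four forms

/**
 * Return the URL unchanged if its scheme is allowed (or it has no scheme),
 * otherwise return an empty string.
 */
function filter_url_scheme(string $url, string $colon_pattern): string
{
    $parts = preg_split($colon_pattern, $url, 2);
    if (count($parts) < 2) {
        return $url; // no scheme separator seen: treated as a relative URL
    }
    // A "/", "?" or "#" before the colon means it is not a scheme separator.
    if (preg_match('%[/?#]%', $parts[0])) {
        return $url;
    }
    $scheme = strtolower(trim($parts[0]));
    return in_array($scheme, ALLOWED_SCHEMES, true) ? $url : '';
}

// Constructed sample inputs.
$samples = [
    'https://example.org/page',
    '/relative/path?time=10:30',
    'javascript:void(0)',
    'javascript&#58;void(0)',
    'javascript&#x3A;void(0)',
    'javascript&colon;void(0)',
];

foreach ($samples as $url) {
    printf(
        "%-28s naive=%-8s hardened=%s\n",
        $url,
        filter_url_scheme($url, COLON_NAIVE) === '' ? 'rejected' : 'kept',
        filter_url_scheme($url, COLON_HARDENED) === '' ? 'rejected' : 'kept'
    );
}
```

Only the last sample differs between the two columns: the naive pattern finds no separator and keeps the string as if it were a relative URL, while the hardened pattern splits on `&colon;` and rejects the disallowed scheme.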
There were also 48 maintenance updates covering the block editor, Twenty Twenty bundled theme, accessibility, Admin CSS, internationalization, media library and date/time handling.
How to install the update?
As a minor release, by default, the update will install automatically.
If this has been disabled, you will need to install it by logging into your WordPress administration console and going to the Dashboard -> Updates page.
WordPress will now attempt to automatically rotate images using image orientation EXIF meta-data.
The way WordPress handles uploaded images was also changed to decrease server load and avoid critical errors, which previously caused multiple image uploads to fail when only one image failed.
31 updates were made to the Site Health feature – which informs WordPress administrators of performance and security issues for the install – with a focus on server health such as PHP version.
Most notable is the change to the health grading – which was a percentage. There were concerns that the percentage indicator was misleading.
The health grading now shows one of two statuses – needs improvement and good.
Administrators will now periodically be prompted to confirm their email is still valid. This will reduce the risk of losing access to a WordPress site through not knowing the administrator login details.
This prompt appears when administrators log in to wp-admin.
Now that the minimum supported PHP version has been raised, timezone, date and time handling can be modernized to improve this basic, but important, functionality.
The wp_date() function has been introduced which provides a completely new way to handle date localisation.