1. WordPress 5.2.4 Security Release

WordPress 5.2.4 Security Release

WordPress 5.2.4 was released on 14 October 2019.

WordPress 5.2.4 is a security release which addresses six security issues and two bugs.

As with any security release – it’s important that you update immediately.

What does it fix?

Security issues fixed in the WordPress 5.2.4 Security Release:

  • a bug that allowed the theme Customizer to store XSS (cross-site scripting)
  • a bug that allowed viewing unauthenticated posts
  • a bug that allowed XSS to inject JavaScript into style tags
  • a bug that provided a way to poison the cache of JSON GET requests via the Vary: Origin header
  • server-side request forgery in the way that URLs are validated
  • Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin

Bugs fixed:

How to install update?

As a minor release, by default, the update will install automatically.

If this has been disabled you will need to install by logging into your WordPress administration console and go to the Dashboard -> Updates page.

WordPress 5.2.2 Maintenance Release

WP 5.2.2WordPress 5.2.2 was released today.

5.2.2 is a maintenance release that includes 13 bug fixes and enhancements – including improvements to the Site Health feature.

What does it fix?

Issues fixed in the WordPress 5.2.2 Maintenance Release include:

For the full list of changes see

https://core.trac.wordpress.org/query?status=closed&resolution=fixed&milestone=5.2.2&order=priority

How to install update?

As a minor release, by default, the update will install automatically.

If this has been disabled you will need to install by logging into your WordPress administration console and go to the Dashboard -> Updates page.

WordPress 5.2.1 Maintenance Release

WordPress 5.2.1 was released today.

5.2.1. is a maintenance release that includes 33 bug fixes and enhancements – including improvements to the block editor, accessibility, internationalization, and the Site Health feature.

What does it fix?

Issues fixed in the WordPress 5.2.1 Maintenance Release include:

For the full list of changes see

https://core.trac.wordpress.org/query?status=closed&resolution=fixed&milestone=5.2.1&order=priority

How to install update?

As a minor release, by default, the update will install automatically.

If this has been disabled you will need to install by logging into your WordPress administration console and go to the Dashboard -> Updates page.

WordPress 5.2 “Jaco” Release

WordPress 5.2 was released earlier this week, on 7 May 2019.

5.2 is a major release that includes 229 bug fixes and 59 enhancements.

It brings significant new features:

  • Site Health
  • PHP fatal recovery (WSOD protection)
  • Update package signing
  • Gutenberg updates
  • wp-admin accessibility updates
  • New dashboard icons
  • Plugin compatibility checks
  • Core widgets converted to blocks

Site Health

The new Site Health feature is one of the best things to be added to WordPress for a long time.

It gives administrators:

  • updates recommendations – for both the server (PHP version and HTTPS) and WordPress
  • maintenance recommendations (e.g. remove inactive plugins and themes)
  • configuration and health checks (e.g. background update checks working)
  • a place to view, copy, and share important debug information

It can be accessed from the wp-admin in the Tools -> Site Health menu.

PHP fatal recovery (WSOD protection)

Previous to WordPress 5.2 – when WordPress experienced a fatal error it would stop working – showing what was known as the “white screen of death” (WSOD).

WordPress 5.2 changes how this happens – instead front end users will see an error message which reads

The site is experiencing technical difficulties.

and the site administrator will receive an email notifying of the error and include a special link to access the wp-admin in “recovery mode”. This allows the site administrator to safely fix or manage fatal errors without needing access to the server.

For more information on how this works see Fatal Error Recovery Mode in 5.2 and Site Health Check in 5.2.

Update package signing

WordPress 5.2 includes the first part of the “update package signing” feature – which will ensure updates to WordPress, plugins and themes are downloaded correctly before they are installed.

This will be tested with the next WordPress 5.2.x release.

Future updates will include error detection and fallback mechanisms as well as making UI options will be added.

Gutenberg updates

WordPress 5.2 continues the development of the new “Gutenberg” editor – including performance and UX improvements.

  • No more TinyMCE in blocks
  • Block Management UI
  • Performance more than doubled in async mode
  • All widgets ported to blocks
  • A lot of improvements to existing blocks (cover block with inner blocks, focal point picker,…)
  • Stability improvements
  • Zero-config scripts to help authors create blocks

For the full list and details see What’s new in Gutenberg? (17th April).

wp-admin accessibility updates

WordPress 5.2 includes various accessibility updates to the wp-admin.

These updates improve the HTML markup used to present information in the wp-admin.

For more information see Notable Accessibility Changes in 5.2.

New dashboard icons

After three years of no changes to dashboard icons – 13 new icons have been added as well as 18 that were previously unavailable due to missing css declarations.

Plugin compatibility checks

Since 2017 the WordPress plugin directory has allowed plugin developers to specify the minimum supported PHP version – but this was not enforced in WordPress, allowing users to install incompatible plugins.

WordPress 5.2 will now use this information to determine if your site’s version of PHP is compatible.

If the plugin requires a higher version of PHP than your site currently uses, WordPress will not allow you to activate it, preventing potential compatibility errors.

Core widgets converted to blocks

All default widgets are now available in Gutenberg as blocks.

This paves the way for the Gutenberg interface to be used in other areas of WordPress – such as the widget editor.

How to install the update?

As a major release 5.2 will need to be installed manually.

You will need to install by logging into your WordPress administration console and go to the Dashboard -> Updates page.

As always, backing up the site before installing updates is highly recommended.