Skip to content

Releases: roots/wordpress

Version 5.1.17

12 Oct 21:13
41ff6e2
Compare
Choose a tag to compare

Sourced from WordPress.org Documentation.

Summary

Maintenance updates

This security and maintenance release features 19 bug fixes on Core, 22 bug fixes for the Block Editor, and 8 security fixes.

This is a short-cycle release. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.

Security updates

The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:

  • Marc Montpas of Automattic for finding a potential disclosure of user email addresses.
  • Marc Montpas of Automattic for finding an RCE POP Chains vulnerability.
  • Rafie Muhammad and Edouard L of Patchstack along with a WordPress commissioned third-party audit for each independently identifying a XSS issue in the post link navigation block.
  • Jb Audras of the WordPress Security Team and Rafie Muhammad of Patchstack for each independently discovering an issue where comments on private posts could be leaked to other users.
  • James Golovich and WhiteCyberSec for each independently identifying a way for logged in user to execute any shortcode.
  • mascara7784 for identifying a XSS vulnerability in the application password screen.
  • Jorge Costa of the WordPress Core Team for identifying XSS vulnerability in the footnotes block.
  • s5s and raouf_maklouf for independently identifying a cache poisoning DoS vulnerability.

Version 5.0.20

12 Oct 21:13
41ff6e2
Compare
Choose a tag to compare

Sourced from WordPress.org Documentation.

Summary

Maintenance updates

This security and maintenance release features 19 bug fixes on Core, 22 bug fixes for the Block Editor, and 8 security fixes.

This is a short-cycle release. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.

Security updates

The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:

  • Marc Montpas of Automattic for finding a potential disclosure of user email addresses.
  • Marc Montpas of Automattic for finding an RCE POP Chains vulnerability.
  • Rafie Muhammad and Edouard L of Patchstack along with a WordPress commissioned third-party audit for each independently identifying a XSS issue in the post link navigation block.
  • Jb Audras of the WordPress Security Team and Rafie Muhammad of Patchstack for each independently discovering an issue where comments on private posts could be leaked to other users.
  • James Golovich and WhiteCyberSec for each independently identifying a way for logged in user to execute any shortcode.
  • mascara7784 for identifying a XSS vulnerability in the application password screen.
  • Jorge Costa of the WordPress Core Team for identifying XSS vulnerability in the footnotes block.
  • s5s and raouf_maklouf for independently identifying a cache poisoning DoS vulnerability.

Version 4.9.24

12 Oct 21:13
41ff6e2
Compare
Choose a tag to compare

Sourced from WordPress.org Documentation.

Summary

Maintenance updates

This security and maintenance release features 19 bug fixes on Core, 22 bug fixes for the Block Editor, and 8 security fixes.

This is a short-cycle release. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.

Security updates

The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:

  • Marc Montpas of Automattic for finding a potential disclosure of user email addresses.
  • Marc Montpas of Automattic for finding an RCE POP Chains vulnerability.
  • Rafie Muhammad and Edouard L of Patchstack along with a WordPress commissioned third-party audit for each independently identifying a XSS issue in the post link navigation block.
  • Jb Audras of the WordPress Security Team and Rafie Muhammad of Patchstack for each independently discovering an issue where comments on private posts could be leaked to other users.
  • James Golovich and WhiteCyberSec for each independently identifying a way for logged in user to execute any shortcode.
  • mascara7784 for identifying a XSS vulnerability in the application password screen.
  • Jorge Costa of the WordPress Core Team for identifying XSS vulnerability in the footnotes block.
  • s5s and raouf_maklouf for independently identifying a cache poisoning DoS vulnerability.

Version 4.8.23

12 Oct 21:13
41ff6e2
Compare
Choose a tag to compare

Sourced from WordPress.org Documentation.

Summary

Maintenance updates

This security and maintenance release features 19 bug fixes on Core, 22 bug fixes for the Block Editor, and 8 security fixes.

This is a short-cycle release. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.

Security updates

The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:

  • Marc Montpas of Automattic for finding a potential disclosure of user email addresses.
  • Marc Montpas of Automattic for finding an RCE POP Chains vulnerability.
  • Rafie Muhammad and Edouard L of Patchstack along with a WordPress commissioned third-party audit for each independently identifying a XSS issue in the post link navigation block.
  • Jb Audras of the WordPress Security Team and Rafie Muhammad of Patchstack for each independently discovering an issue where comments on private posts could be leaked to other users.
  • James Golovich and WhiteCyberSec for each independently identifying a way for logged in user to execute any shortcode.
  • mascara7784 for identifying a XSS vulnerability in the application password screen.
  • Jorge Costa of the WordPress Core Team for identifying XSS vulnerability in the footnotes block.
  • s5s and raouf_maklouf for independently identifying a cache poisoning DoS vulnerability.

Version 4.7.27

12 Oct 21:13
41ff6e2
Compare
Choose a tag to compare

Sourced from WordPress.org Documentation.

Summary

Maintenance updates

This security and maintenance release features 19 bug fixes on Core, 22 bug fixes for the Block Editor, and 8 security fixes.

This is a short-cycle release. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.

Security updates

The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:

  • Marc Montpas of Automattic for finding a potential disclosure of user email addresses.
  • Marc Montpas of Automattic for finding an RCE POP Chains vulnerability.
  • Rafie Muhammad and Edouard L of Patchstack along with a WordPress commissioned third-party audit for each independently identifying a XSS issue in the post link navigation block.
  • Jb Audras of the WordPress Security Team and Rafie Muhammad of Patchstack for each independently discovering an issue where comments on private posts could be leaked to other users.
  • James Golovich and WhiteCyberSec for each independently identifying a way for logged in user to execute any shortcode.
  • mascara7784 for identifying a XSS vulnerability in the application password screen.
  • Jorge Costa of the WordPress Core Team for identifying XSS vulnerability in the footnotes block.
  • s5s and raouf_maklouf for independently identifying a cache poisoning DoS vulnerability.

Version 4.6.27

12 Oct 21:13
41ff6e2
Compare
Choose a tag to compare

Sourced from WordPress.org Documentation.

Summary

Maintenance updates

This security and maintenance release features 19 bug fixes on Core, 22 bug fixes for the Block Editor, and 8 security fixes.

This is a short-cycle release. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.

Security updates

The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:

  • Marc Montpas of Automattic for finding a potential disclosure of user email addresses.
  • Marc Montpas of Automattic for finding an RCE POP Chains vulnerability.
  • Rafie Muhammad and Edouard L of Patchstack along with a WordPress commissioned third-party audit for each independently identifying a XSS issue in the post link navigation block.
  • Jb Audras of the WordPress Security Team and Rafie Muhammad of Patchstack for each independently discovering an issue where comments on private posts could be leaked to other users.
  • James Golovich and WhiteCyberSec for each independently identifying a way for logged in user to execute any shortcode.
  • mascara7784 for identifying a XSS vulnerability in the application password screen.
  • Jorge Costa of the WordPress Core Team for identifying XSS vulnerability in the footnotes block.
  • s5s and raouf_maklouf for independently identifying a cache poisoning DoS vulnerability.

Version 4.5.30

12 Oct 21:13
41ff6e2
Compare
Choose a tag to compare

Sourced from WordPress.org Documentation.

Summary

Maintenance updates

This security and maintenance release features 19 bug fixes on Core, 22 bug fixes for the Block Editor, and 8 security fixes.

This is a short-cycle release. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.

Security updates

The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:

  • Marc Montpas of Automattic for finding a potential disclosure of user email addresses.
  • Marc Montpas of Automattic for finding an RCE POP Chains vulnerability.
  • Rafie Muhammad and Edouard L of Patchstack along with a WordPress commissioned third-party audit for each independently identifying a XSS issue in the post link navigation block.
  • Jb Audras of the WordPress Security Team and Rafie Muhammad of Patchstack for each independently discovering an issue where comments on private posts could be leaked to other users.
  • James Golovich and WhiteCyberSec for each independently identifying a way for logged in user to execute any shortcode.
  • mascara7784 for identifying a XSS vulnerability in the application password screen.
  • Jorge Costa of the WordPress Core Team for identifying XSS vulnerability in the footnotes block.
  • s5s and raouf_maklouf for independently identifying a cache poisoning DoS vulnerability.

Version 4.4.31

12 Oct 21:13
41ff6e2
Compare
Choose a tag to compare

Sourced from WordPress.org Documentation.

Summary

Maintenance updates

This security and maintenance release features 19 bug fixes on Core, 22 bug fixes for the Block Editor, and 8 security fixes.

This is a short-cycle release. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.

Security updates

The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:

  • Marc Montpas of Automattic for finding a potential disclosure of user email addresses.
  • Marc Montpas of Automattic for finding an RCE POP Chains vulnerability.
  • Rafie Muhammad and Edouard L of Patchstack along with a WordPress commissioned third-party audit for each independently identifying a XSS issue in the post link navigation block.
  • Jb Audras of the WordPress Security Team and Rafie Muhammad of Patchstack for each independently discovering an issue where comments on private posts could be leaked to other users.
  • James Golovich and WhiteCyberSec for each independently identifying a way for logged in user to execute any shortcode.
  • mascara7784 for identifying a XSS vulnerability in the application password screen.
  • Jorge Costa of the WordPress Core Team for identifying XSS vulnerability in the footnotes block.
  • s5s and raouf_maklouf for independently identifying a cache poisoning DoS vulnerability.

Version 6.3.1

29 Aug 14:54
41ff6e2
Compare
Choose a tag to compare

Sourced from WordPress.org Documentation.

Summary

Maintenance updates

This minor release features 4 bug fixes in Core and 6 bug fixes for the block editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.

Version 6.3

08 Aug 20:33
41ff6e2
Compare
Choose a tag to compare

Sourced from WordPress.org Documentation.

Highlights

This momentous release opens new possibilities for the creative expression of designers, creators, and builders. Powerful tools and refined controls give users confidence and allow them to easily manage their sites.

Do everything in the Site Editor

WordPress 6.3 brings your content, templates, and patterns together in the Site Editor for the first time. Add pages, browse style variations, create synced patterns, and enjoy fine-tuned control over navigation menus. Spend less time switching across different site areas—so you can focus on what matters most. Creation to completion, all in one place.

Preview Block themes

Experience block themes before you switch and preview the Site Editor, with options to customize directly before committing to a new theme. 

Create and sync patterns

Arrange blocks and save them to the ‘My Patterns’ section for use throughout your site. You can even specify whether to sync your patterns (previously referred to as “Reusable blocks”) so that one change applies to all parts of your site. Or, utilize patterns as a starting point with the ability to customize each instance.

Work faster with the Command Palette

Switch to a specific template or open your editor preferences with a new tool that helps you quickly access expanded functionality. With simple keyboard shortcuts (⌘+k on Mac or Ctrl+k on Windows), clicking the sidebar search icon in Site View, or clicking the Title Bar, get where you need to go and do what you need to do in seconds.

Sharpen your designs with new tools

New design controls bring more versatility for fine-tuning, starting with the ability to customize your captions from the Styles interface without coding. You can manage your duotone filters in Styles for supported blocks and pick from the options provided by your theme or disable them entirely. The Cover block gets added settings for text color, layout controls, and border options, making this powerful block even more handy.

Track design changes with Style revisions

With a new audit trail, you can now see how your site looked at a specific time. Visualize these revisions in a timeline and access a one-click option to restore prior styles.

Annotate with the Footnotes block

Footnotes add convenient annotations throughout your content. Now you can add and link footnotes for any paragraph.

Show or hide content with the Details block

Use the Details block to avoid spoiling a surprise, create an interactive Q&A section, or hide a long paragraph under a heading.

Performance gets a boost

WordPress 6.3 has 170+ performance updates, including defer and async support for the Scripts API and fetchpriority support for images. These improvements, along with block template resolution, image lazy-loading, and the emoji loader, can dramatically improve your website’s perceived load time.

Accessibility remains a core focus

Incorporating more than 50 accessibility improvements across the platform, WordPress 6.3 is more accessible than ever. Improved labeling, optimized tab and arrow-key navigation, revised heading hierarchy, and new controls in the admin image editor allow those using assistive technologies to navigate more easily.

Other highlights

Set aspect ratio on images

Specify your aspect ratios and ensure design integrity, especially when using images in patterns.

Build your site distraction-free

Distraction-free designing is now available in the Site Editor.

Rediscover the Top Toolbar

A revamped Top Toolbar offers parent selectors for nested blocks, options when selecting multiple blocks, and an interface embedded into the title bar with new functionality in mind.

List View improvements

Drag and drop to every content layer and delete any block you would like in the updated List View.

Build templates with Patterns

Create unique patterns to jumpstart template creation with a new modal enabling access to pattern selection.