WordPress 5.3.1 released

[German]The developers have released (December 12, 2019) WordPress 5.3.1. This is a security and bug fix update which fixes issues in version 5.3 of WordPress. Security fixes for older WordPress versions are also available.


Advertising

WordPress 5.3.1 fixes security issues and 46 bugs described in the Release Notes (developers have also provided updates for the security holes in all older WordPress versions from WordPress 3.7 to 5.2). Here is the list of security fixes:

  • An unprivileged user could make a post sticky via the REST API.
  • An issue where cross-site scripting (XSS) could be stored in well-crafted links.
  • Hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
  • A stored XSS vulnerability using block editor content.

In addition, the following bugs have been fixed in the newly released WordPress version 5.3.1:

  • Administration: improvements to admin form controls height and alignment standardization (see related dev note), dashboard widget links accessibility and alternate color scheme readability issues (see related dev note).
  • Block editor: fix Edge scrolling issues and intermittent JavaScript issues.
  • Bundled themes: add customizer option to show/hide author bio, replace JS based smooth scroll with CSS (see related dev note) and fix Instagram embed CSS.
  • Date/time: improve non-GMT dates calculation, fix date format output in specific languages and make get_permalink() more resilient against PHP timezone changes.
  • Embeds: remove CollegeHumor oEmbed provider as the service doesn't exist anymore.
  • External libraries: update sodium_compat.
  • Site health: allow the remind interval for the admin email verification to be filtered.
  • Uploads: avoid thumbnails overwriting other uploads when filename matches, and exclude PNG images from scaling after upload.
  • Users: ensure administration email verification uses the user's locale instead of the site locale.

Further information, e.g. for developers, can be found on the Release Notes  page. I automatically updated the new version in a blog. In a Multisite-Blog the manual update was triggered. I haven't noticed any problems so far.

However, I noticed a crude bug since WordPress 5.3, which is not fixed in version 5.3.1. There is a problem with inserting spaces in the Classic Editor. I published an article on WordPress.org and opened a ticket. But it seems that the issue is related to my environment. If I have aspare time, I will continue to test to find the root cause. Maybe another WordPress user will come across the effect and confirm it.


Advertising

This entry was posted in Software, Update and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).