WordPress 5.8.3 Security Release

Posted January 6, 2022 by Jonathan Desrosiers. Filed under Releases, Security.

This security release features four security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated.

WordPress 5.8.3 is a short-cycle security release. The next major release will be version 5.9, which is already in the Release Candidate stage.

You can update to WordPress 5.8.3 by downloading from wporg.ibadboy.net or visiting your Dashboard → Updates and clicking Update Now.

If you have sites that support automatic background updates, they’ve already started the update process.

Security Updates

Four security issues affect WordPress versions between 3.7 and 5.8. If you haven’t yet updated to 5.8, all WordPress versions since 3.7 have also been updated to fix the following security issues (except where noted otherwise):

  • Props to Karim El Ouerghemmi and Simon Scannell of SonarSource for disclosing an issue with stored XSS through post slugs.
  • Props to Simon Scannell of SonarSource for reporting an issue with Object injection in some multisite installations.
  • Props to ngocnb and khuyenn from GiaoHangTietKiem JSC for working with Trend Micro Zero Day Initiative on reporting a SQL injection vulnerability in WP_Query.
  • Props to Ben Bidner from the WordPress security team for reporting a SQL injection vulnerability in WP_Meta_Query (only relevant to versions 4.1-5.8).

Thank you to all of the reporters above for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked. Thank you to the members of the WordPress security team for implementing these fixes in WordPress.

For more information, check out the 5.8.3 HelpHub documentation page.

Thanks and props!

The 5.8.3 release was led by @desrosj and @circlecube.

In addition to the security researchers and release squad members mentioned above, thank you to everyone who helped make WordPress 5.8.3 happen:

Alex Concha, Dion Hulse, Dominik Schilling, ehtis, Evan Mullins, Jake Spurlock, Jb Audras, Jonathan Desrosiers, Ian Dunn, Peter Wilson, Sergey Biryukov, vortfu, and zieladam.

The Month in WordPress – December 2021

Posted January 5, 2022 by rmartinezduque. Filed under Month in WordPress.

December was a busy month for the WordPress community. In the latest episode of the WP Briefing podcast, WordPress Executive Director Josepha Haden Chomphosy shares a carol of thanks and shows her gratitude to all the people who make the WordPress project a success.

(…) I know that we have gotten so much done together in the last few years. And I am equally sure that we’re going to get so much done in the years to come. And so thank you all so much for your continued work with WordPress and the way that you just bring your best at all times.

Josepha Haden, Executive Director of the WordPress project

We said goodbye to 2021 with the annual State of the Word, along with the release of WordPress 5.9 Beta 4, among many other exciting updates. Read on to learn more about the latest community achievements.

WordPress 5.9: The first release candidate just landed

Are you interested in contributing to WordPress core? Join the #core channel, follow the Core Team blog, and check out the team handbook. Also, don’t miss the Core Team’s weekly developer chat on Wednesdays at 8 PM UTC.

Gutenberg releases: Versions 12.1 and 12.2 are here

The Core Team launched two new versions of Gutenberg last month. Both come with new features, code quality improvements, and bug fixes.

  • Gutenberg 12.1 marks the return of the template List View and includes several Navigation block enhancements, new global styles features, an improved developer experience for block themes, and more.
  • The Gutenberg 12.2 release focuses on user experience improvements and brings the block styles preview to the Widgets Editor, among other new features.

Want to get involved in developing Gutenberg? Follow the Core Team blog, contribute to Gutenberg on GitHub, and join the #core-editor channel in the Make WordPress Slack. Follow the #gutenberg-new tag for details on the latest updates.

Highlights from State of the Word 2021

  • State of the Word 2021, the annual keynote address delivered by WordPress co-founder Matt Mullenweg, was livestreamed from New York City on December 14, 2021. The event gathered WordPress enthusiasts at 29 watch parties around the world.
  • Matt shared his thoughts on the progress of the WordPress project and made announcements regarding its future in 2022. The presentation was followed by a Question and Answer session.

If you missed the event’s livestream, you can watch the State of the Word recording and the Q&A session on WordPress.tv.

Team updates: 2022 major release timings, new team rep announcements, and more

Are you looking for some 5.9 resources to share with your local community? Check out the WordPress 5.9 Talking Points for Meetup Organizers post.

Feedback/Testing requests: Contribute by testing or translating WordPress 5.9

  • Your feedback on WordPress 5.9 release candidates is still needed and appreciated! If you haven’t tried this version yet, you can find instructions on testing 5.9 features in this post.
  • Do you speak a language other than English? The Polyglots Team announced that WordPress 5.9 is also ready to be translated.
  • Version 18.9 of WordPress for Android is available for testing.

Share your feedback on WordPress 5.9.

Apply to speak or host a workshop at WordCamp Europe 2022

  • WordCamp US 2022 is currently looking for organizers.
  • The WordPress community celebrated its first in-person WordCamp after 21 months in Sevilla (Spain) on December 11-12, 2021. WordCamp Taiwan was held online the same weekend.
  • The Test Team organized the Hallway Hangout titled Let’s talk about WordPress 6.0 on December 21, 2021. The team also shared a wrap-up of the Site Editing Safari as part of the FSE Outreach Program.
  • The Training Team hosted several WordPress Social Learning Meetups last month, and there will be many more in January 2022.
  • Last year the WordPress Foundation made significant progress in its mission to educate the public about open source software. Learn more about it in this 2021 recap.

Don’t miss the following upcoming WordCamps: WordCamp Birmingham, Alabama 2022, WordCamp Genève 2022, WordCamp Vienna 2022, and WordCamp Europe 2022.

The Call For Sponsors and Call For Speakers for WordCamp Europe 2022 are open! Read this post to learn more about the Organizing Team’s plans for the first in-person WordCamp Europe in three years.

Have a story that we could include in the next ‘Month in WordPress’ post? Let us know by filling out this form.

The following folks contributed to December 2021’s Month in WordPress: @anjanavasan, @harishanker, @lmurillom, @meher, @nalininonstopnewsuk, @webcommsat

WordPress 5.9 RC 1

Posted January 4, 2022 by webcommsat AbhaNonStopNewsUK. Filed under Development, Releases.

The first Release Candidate (RC1) for WordPress 5.9 is now available! 

Thank you to everyone who has contributed to reach this important milestone in the community’s progress towards a WordPress 5.9 release.

“Release Candidate” means the new version of the software is ready for release. It helps the community check that nothing is missed, given the thousands of plugins and themes and differences in how millions of people use the software.

WordPress 5.9 is slated for release on January 25, 2022. That is just three weeks away – and there’s still time to help!

Testing the release

You can test the WordPress 5.9 release candidate in three ways:

Option 1: Install and activate the WordPress Beta Tester plugin (select the “Bleeding edge” channel and “Beta/RC Only” stream).

Option 2: Direct download the beta version here (zip).

Option 3: When using WP-CLI to upgrade from Beta 1, 2, 3 or 4 on a case-insensitive filesystem, please use the following command sequence:

Command One:

wp core update --version=5.9-RC1

Command Two:

wp core update --version=5.9-RC1 --force

Your help to test the RC1 is vital: the more testing that happens, the more stable the release, and the better the experience for users and developers—and the entire WordPress community.

Thank you to all of the contributors who tested the Beta releases and gave feedback. Testing for bugs is not just a critical part of polishing every release; it is also a great way to contribute to WordPress.

Help test WordPress 5.9 features – a guide to how you can take part.

What is in WordPress 5.9 release candidate?

This will be the first release of 2022 and continues the work towards 5.9 from last year. It features the latest advances of the block editor and is the first version of full site editing in Core.

WordPress 5.9 also brings more refinements to the developer experience. To keep up with the latest updates and discover more about how the community works to continually improve the software, please subscribe to the Make WordPress Core blog. In particular, the developer notes tag will keep you up to date on changes that might affect your products or how you use the software.

Plugin and Theme Developers

Please test your plugins and themes against WordPress 5.9 and update the Tested up to version to 5.9 in your readme file. If you find compatibility problems, please post to the support forums, so volunteers and developers can help you figure them out before the final release.

The WordPress 5.9 Field Guide will be out very shortly. It will give you a deeper dive into the major changes.

How to Help

Do you speak a language that is not English? You can help translate WordPress into more than 100 languages! Release Candidate 1 marks the hard string freeze point of the 5.9 release schedule. Thanks to every locale that is already involved with translations.

If you think you have found a bug, you can post to the Alpha/Beta area in the support forums. If you are comfortable writing a reproducible bug report, you can file one on WordPress Trac, where you can also check the issue against a list of known bugs.

Props to @webcommsat for the post and to @marybaum @hellofromtonya @audrasjb @davidbaumwald @estelaris @cbringmann for final review.

See Also:

Want to follow the code? There’s a development P2 blog and you can track active development in the Trac timeline that often has 20–30 updates per day.

Want to find an event near you? Check out the WordCamp schedule and find your local Meetup group!

For more WordPress news, check out the WordPress Planet or subscribe to the WP Briefing podcast.
