Drupal Release: 4.6.1

TL;DR

WordPress 4.6.1 is a maintenance release that addresses numerous bugs and improves stability across the platform. This update fixes over 50 issues including problems with user management, book navigation, PostgreSQL compatibility, security enhancements, and various UI improvements. The release focuses primarily on bug fixes rather than introducing new features, making it an important update for all WordPress installations to ensure proper functionality and security.

Highlight of the Release

• Fixed user deletion functionality
• Improved PostgreSQL compatibility with multiple query fixes
• Enhanced security with proper escaping in RSS feeds
• Fixed book navigation and administration issues
• Improved browser compatibility including Konqueror CSS fixes
• Better handling of JavaScript in blocks with auto-linebreak filter updates

Migration Guide

No specific migration steps are required for this maintenance release. WordPress 4.6.1 is a bug fix release that should be a straightforward upgrade from 4.6.0.

To upgrade:

1. Back up your website files and database
2. Deactivate plugins (optional but recommended)
3. Update WordPress through the admin dashboard or by downloading and installing the new version
4. Re-activate plugins

No database schema changes or breaking changes were introduced that would require special migration steps.

Upgrade Recommendations

This update is highly recommended for all WordPress 4.6.0 installations. WordPress 4.6.1 contains numerous bug fixes and security improvements that enhance the stability and security of your website.

Priority: High
Timing: Update as soon as possible
Preparation: As with any update, create a complete backup of your site before upgrading

The update addresses several important issues including:

• User management fixes
• Security improvements in RSS feeds and file handling
• Database compatibility enhancements for PostgreSQL users
• Browser compatibility fixes
• UI and accessibility improvements

Since this is a maintenance release focused on bug fixes rather than new features, the risk of upgrade issues is minimal compared to the benefits of the fixes included.

Bug Fixes

User Management

• Fixed issues with deleting users
• Improved menu cache clearing when editing users
• Fixed user registration bug

Content Management

• Fixed book navigation formatting with missing <div id=menu> added
• Fixed broken delete links on book administration page
• Fixed off-by-one error in printer-friendly book pages
• Fixed popular content block to respect node access permissions
• Corrected handling of PHP code in teasers
• Fixed behavior of theme_image() regarding attributes

Database & Performance

• Multiple PostgreSQL compatibility fixes for SQL queries
• Increased length of the location field in the locale_sources table
• Removed redundant DISTINCT() in some queries while adding missing DISTINCT() to others
• Removed index hint that was degrading performance

UI & Accessibility

• Fixed CSS problems in Konqueror browser
• Fixed invalid XHTML code in various places
• Added missing </p> tag in templates
• Fixed node form fieldsets being broken in IE after Safari/Konqueror fix
• Changed colon (:) in aggregator block IDs to dash (-) to avoid CSS problems
• Fixed forum blocks to only display when there are topics to list

File Handling

• Made file_transfer() more robust
• Enhanced file_create_path() and file_check_location() functions
• Fixed maximum upload file size check (now in megabytes, not bytes)

Text Processing

• Updated auto-linebreak filter to ignore contents of <script> and <style> tags
• Made line-break filter tag matching case-insensitive
• Fixed MIME header encoding for proper UTF-8 handling

Other

• Fixed blogapi workflow variables
• Corrected URL in INSTALL.txt
• Fixed search index not wiping on admin settings change
• Improved password handling by trimming to avoid copy-paste mistakes

New Features

No significant new features were introduced in this maintenance release. WordPress 4.6.1 focuses primarily on bug fixes, security improvements, and enhancing compatibility with different database systems and browsers.

Security Updates

Security Improvements

• Added missing check_plain() when emitting the <category> tag in RSS feeds, preventing potential XSS vulnerabilities
• Enhanced file_check_location() to be more robust against potential directory traversal attempts
• Improved URL handling by properly using urlencode() for profile field names and values to prevent characters like # and & from being interpreted incorrectly by browsers/servers
• Added missing security checks with db_rewrite_sql() in node_load() to ensure proper access control
• Fixed several instances of missing t() functions and check_plain() calls to properly sanitize output

Performance Improvements

Performance Enhancements

• Removed an SQL index hint (/*! USE INDEX */) that was actually degrading query performance significantly
• Added missing DISTINCT() statements to two SQL queries to improve result accuracy and performance
• Removed redundant DISTINCT() calls where they weren't needed, reducing query complexity
• Improved menu cache handling when editing users, ensuring proper cache clearing
• Enhanced search index management to properly wipe on admin settings changes
• Optimized admin content sorting by descending node date

Impact Summary

WordPress 4.6.1 is primarily a maintenance and bug fix release that addresses over 50 issues across the platform. The impact is largely positive, improving stability, security, and compatibility without introducing breaking changes.

The most significant impacts include:

• Enhanced stability: Fixed numerous bugs in core functionality including user management, book navigation, and content handling
• Improved security: Better handling of user input and output escaping in several areas including RSS feeds
• Better cross-platform compatibility: Multiple fixes for PostgreSQL database users and improved browser compatibility for Konqueror and IE
• UI refinements: Fixed various display issues, improved accessibility, and corrected XHTML validation problems

This release demonstrates WordPress's commitment to maintaining a stable and secure platform through regular maintenance updates. While it doesn't introduce exciting new features, it strengthens the foundation of the CMS by addressing a wide range of issues that affect daily usage.