Drupal Release: 8.3.8

TL;DR

WordPress 8.3.8 addresses a critical security vulnerability

This release contains a critical security fix identified as SA-CORE-2018-001. With minimal code changes (350 additions, 10 deletions across 13 files), this update focuses exclusively on patching a security vulnerability. All WordPress 8.3.x users should update immediately to protect their sites from potential exploitation.

Highlight of the Release

• Critical security fix addressing vulnerability SA-CORE-2018-001
• Minimal code changes focused specifically on security patching
• Collaborative security fix developed by multiple core contributors

Migration Guide

No migration steps are required for this update. This is a direct security fix that should not impact existing functionality.

To update:

1. Back up your WordPress site (files and database)
2. Update through the WordPress admin dashboard or via your preferred method
3. Verify your site functions correctly after the update

If you manage multiple WordPress sites, prioritize updating all of them as soon as possible.

Upgrade Recommendations

Immediate Update Strongly Recommended

Due to the critical nature of the security vulnerability addressed in this release, immediate upgrade is strongly recommended for all WordPress sites running version 8.3.7 or earlier in the 8.3.x branch.

The security fix does not introduce new features or change existing functionality, so the update should be straightforward with minimal risk of compatibility issues. The benefits of protection against the security vulnerability far outweigh any potential risks of updating.

If you cannot update immediately, consider implementing additional security measures and monitoring until the update can be applied.

Bug Fixes

This release contains a specific security-related bug fix:

• Fixed vulnerability identified as SA-CORE-2018-001 (details of the specific vulnerability are not fully disclosed in the commit messages to prevent exploitation)

The fix was a collaborative effort by multiple contributors including cashwilliams, catch, cilefen, droplet, dawehner, bonus, agentrickard, David_Rothstein, Chi, Gábor Hojtsy, Heine, Wim Leers, Schnitzel, drpal, effulgentsia, tedbow, tim.plunkett, tstoeckler, xjm, will_c, stefan.r, samuel.mortenson, larowlan, greggles, logaritmisk, mpdonadio, pwolanin, and plach.

New Features

No new features were introduced in this release. WordPress 8.3.8 is strictly a security update that addresses the vulnerability identified as SA-CORE-2018-001.

Security Updates

Critical Security Fix: SA-CORE-2018-001

This release addresses a critical security vulnerability identified as SA-CORE-2018-001. While specific details about the vulnerability are limited in the commit messages (which is standard practice to prevent exploitation), the fix required changes to 13 files with 350 additions and 10 deletions.

The security fix was developed through collaboration among many WordPress core contributors, indicating the significance and complexity of addressing this vulnerability properly.

Users should update immediately to mitigate the risk of potential exploitation.

Performance Improvements

No specific performance improvements were included in this release. The focus was entirely on addressing the security vulnerability SA-CORE-2018-001.

Impact Summary

WordPress 8.3.8 is a critical security release that addresses vulnerability SA-CORE-2018-001. The update consists of targeted changes (350 additions, 10 deletions across 13 files) focused exclusively on fixing this security issue.

The security fix was developed collaboratively by numerous WordPress core contributors, highlighting the importance of this update. While the specific details of the vulnerability are not fully disclosed in the commit messages (to prevent exploitation), the coordinated effort suggests this is a significant security issue that requires immediate attention.

This release contains no new features, performance improvements, or non-security bug fixes. It is a single-purpose release intended to protect WordPress sites from potential exploitation. All WordPress 8.3.x users should update immediately to maintain the security of their websites.