WordPress Release: 2.2.3

TL;DR

WordPress 2.2.3 is a maintenance release that addresses several bugs and security issues from the 2.2.x branch. This update includes RTL (Right-to-Left) language support improvements, fixes for plugin compatibility on Windows servers, enhanced sanitization of user inputs, and various improvements to RSS feeds. The release focuses primarily on bug fixes and security enhancements rather than introducing new features.

Highlight of the Release

• Fixed plugin compatibility issues on Windows servers
• Improved Right-to-Left (RTL) language support
• Enhanced security through better input sanitization
• Fixed RSS feed handling for comments using dc:creator instead of author
• Added ability for plugins to override the cockney replace array

Migration Guide

No specific migration steps are required for this maintenance release. WordPress 2.2.3 is a direct update to the 2.2.x branch and focuses on bug fixes and security improvements rather than changes that would require migration efforts.

Users can update through the standard WordPress update process without any special considerations.

Upgrade Recommendations

This update is highly recommended for all WordPress 2.2.x users due to the security fixes included. The release addresses several security vulnerabilities and bugs that could affect site stability and security.

Users should upgrade as soon as possible to ensure their WordPress installations remain secure. As this is a maintenance release, the risk of compatibility issues with existing themes and plugins is minimal.

Bug Fixes

• Fixed RTL (Right-to-Left) language support issues (fixes #4729)
• Changed RSS2 comment feeds to use dc:creator instead of author for better compatibility (fixes #4704)
• Addressed formatting cleanup issues (fixes #4775)
• Fixed mt_allow_pings functionality (fixes #4770)
• Corrected plugin basename handling for Windows servers, improving plugin compatibility on Windows hosting (fixes #3002)
• Fixed how the wp_filter array is keyed for more reliable plugin hooks (fixes #3875)
• Properly unset no_filter variable when needed (fixes #4720)
• Improved determination of server variables (fixes #4748)
• Fixed an issue where sanitization was being skipped on 404 pages
• Improved handling of query arguments by passing them as arrays instead of query strings

New Features

WordPress 2.2.3 is primarily a maintenance release focused on bug fixes and security improvements rather than new features. However, there are a few enhancements that could be considered new functionality:

• Added filters for wp_title display, allowing for more customization of page titles
• Enabled plugins to override the cockney replace array, providing more flexibility for text replacements
• Made the WordPress version (wp_version) globally accessible for use by Magpie and other components

Security Updates

• Enhanced sanitization of various options throughout the system
• Improved handling of special characters in regex patterns (related to #4873)
• Better sanitization of redirect URLs in wp_redirect() to prevent potential header injection vulnerabilities (fixes #4819)
• Restricted access to private query variables in url_to_postid function to prevent potential information disclosure
• Added additional input sanitization, even on 404 pages, to prevent potential security issues

Performance Improvements

This maintenance release doesn't include any significant performance improvements. The focus was primarily on bug fixes and security enhancements rather than performance optimizations.

Impact Summary

WordPress 2.2.3 is a security and bug fix release that addresses several important issues in the 2.2.x branch. The update improves security through enhanced input sanitization and better handling of redirects, fixes plugin compatibility issues on Windows servers, and improves RTL language support.

For developers, the release provides better hook reliability through fixes to the wp_filter array and adds the ability to override the cockney replace array. Content creators benefit from improved RSS feed handling and formatting fixes.

While this is primarily a maintenance release without major new features, the security enhancements make it an important update for all WordPress 2.2.x users. The changes are focused on stability and security rather than introducing potentially breaking changes, making it a straightforward and recommended upgrade.