WordPress Release: 3.7.17

Tag Name: 3.7.17

Release Date: 1/11/2017

WordPress

World's most popular open-source content management system powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.

TL;DR

WordPress 3.7.17 is a maintenance and security update that brings important improvements to media handling, email functionality, and security enhancements. This release upgrades PHPMailer to version 5.2.22, improves media title generation from filenames, enhances image filetype validation, and adds security measures like nonce verification for widget accessibility mode and better multisite signup key generation.

Highlights of the Release

    • PHPMailer upgraded to version 5.2.22 with security improvements
    • Improved media title generation from filenames with preserved spaces
    • Enhanced image filetype validation with new wp_get_image_mime() function
    • Added nonce verification for widget accessibility mode
    • Better multisite signup key generation using wp_rand()

Migration Guide

No specific migration steps are required for this update. WordPress 3.7.17 is a maintenance and security release that should be compatible with existing sites.

If you're using custom code that interacts with image validation or the PHPMailer library, you may want to review the changes to ensure compatibility, but most sites should update smoothly without any issues.

Upgrade Recommendations

This update is highly recommended for all WordPress 3.7 users due to the security improvements, particularly the PHPMailer upgrade which addresses known vulnerabilities.

Upgrade Priority: High

WordPress 3.7.17 contains important security enhancements and bug fixes that improve the stability and security of your website. The PHPMailer upgrade alone is a critical security update that protects against potential email-related vulnerabilities.

We recommend updating as soon as possible to ensure your site remains secure.

Bug Fixes

Media Title Generation

  • Fixed media title generation from filenames to preserve spaces and create more accurate, cleaner titles when uploading files (fixes #37989)

Theme Name Fallbacks

  • Fixed markup for theme name fallbacks to ensure proper display

Plugin Updates Screen

  • Fixed translation of plugin data on the Updates screen for better multilingual support

Image Filetype Validation

  • Fixed image filetype checking with improved validation methods
  • Added fallback handling when filetype validation fails, now returning false for ext/MIME values
  • Fixed exif_imagetype check in wp_get_image_mime() function

New Features

New wp_get_image_mime() Function

WordPress 3.7.17 introduces a new wp_get_image_mime() function that improves image filetype validation. This function uses exif_imagetype() when available, which is more performant than the previous getimagesize() method and doesn't require the GD library. If exif_imagetype() is not available, it falls back to the previous method, ensuring backward compatibility while improving performance where possible.
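The detection order described above, with an upload check that returns false for both ext and MIME type on failure, as an added example. This is not WordPress core code: the example_* function names, the extension map and the reject-on-mismatch policy are assumptions made for illustration.

```php
<?php
// Added illustration, not WordPress core code; example_* names are hypothetical.

// Content-based MIME detection: exif_imagetype() when available,
// getimagesize() otherwise, false when neither recognises the file.
function example_image_mime($path)
{
    if (!is_readable($path)) {
        return false;
    }
    if (is_callable('exif_imagetype')) {
        $type = @exif_imagetype($path);
        return $type !== false ? image_type_to_mime_type($type) : false;
    }
    $info = @getimagesize($path);
    return isset($info['mime']) ? $info['mime'] : false;
}

// Compare the MIME type implied by the filename extension with the detected one.
// On failure or mismatch both values come back false (assumed policy for this sketch).
function example_check_image($path, $filename)
{
    $by_ext = array('jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                    'png' => 'image/png', 'gif' => 'image/gif');
    $ext  = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    $real = example_image_mime($path);
    if ($real === false || !isset($by_ext[$ext]) || $by_ext[$ext] !== $real) {
        return array('ext' => false, 'type' => false);
    }
    return array('ext' => $ext, 'type' => $real);
}

// Constructed sample input: a PNG signature plus a 1x1 IHDR chunk (CRC zeroed),
// and a text file that merely carries an image-looking name.
$png  = "\x89PNG\r\n\x1a\n" . pack('N', 13) . 'IHDR' . pack('NN', 1, 1)
      . "\x08\x06\x00\x00\x00" . "\x00\x00\x00\x00";
$text = "plain text, not an image at all\n";

$tmp = tempnam(sys_get_temp_dir(), 'img');
foreach (array(array($png, 'photo.png'), array($png, 'photo.jpg'),
               array($text, 'avatar.gif')) as $case) {
    file_put_contents($tmp, $case[0]);
    $r = example_check_image($tmp, $case[1]);
    printf("%-11s => %s\n", $case[1], $r['type'] ?: 'rejected');
}
unlink($tmp);
```

Only the first case passes: the second has PNG content under a .jpg name, and the third has no recognisable image signature.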

Security Updates

PHPMailer Security Updates

  • Upgraded PHPMailer from 5.2.21 to 5.2.22 to address security vulnerabilities
  • Implemented multiple security patches from PHPMailer updates

Widget Accessibility Mode

  • Added nonce verification for widget accessibility mode to prevent potential CSRF attacks

Multisite Signup Security

  • Improved multisite signup key creation by using wp_rand() for better randomness and security

Mail Security

  • Disabled wp-mail.php when mailserver_url is set to the default value (mail.example.com) to prevent potential misuse

Performance Improvements

Image Processing Performance

  • Improved image filetype validation by using exif_imagetype() instead of getimagesize() when available
  • The new approach is more performant and reduces dependency on the GD library

Email Handling

  • Updated PHPMailer to version 5.2.22 with various performance improvements

Impact Summary

WordPress 3.7.17 is primarily a security and maintenance release that focuses on improving core functionality rather than adding new features. The most significant changes include:

  1. Security Enhancements: The upgrade to PHPMailer 5.2.22 addresses security vulnerabilities in the email system. Additional security improvements include better multisite signup key generation and nonce verification for widget accessibility mode.

  2. Media Handling Improvements: Better media title generation from filenames and enhanced image filetype validation make content creation more reliable and user-friendly.

  3. Performance Optimizations: The new image validation method using exif_imagetype() improves performance when processing images.

  4. Internationalization: Better translation support for plugin data on the Updates screen improves the experience for non-English users.

These changes collectively enhance WordPress's security posture and reliability without requiring any significant workflow changes for users.

Statistics:

  • Files Changed: 16
  • Line Additions: 5,266
  • Line Deletions: 3,777
  • Line Changes: 9,043
  • Total Commits: 13

Users Affected:

  • Improved security with PHPMailer upgrade to 5.2.22
  • Enhanced widget accessibility mode with nonce verification
  • Better multisite signup key generation using wp_rand()

Contributors:

dd32, joemcgill, aaroncampbell, jeremyfelt, ocean90