HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

WordPress

>

Releases

>

3.7.30

WordPress Release: 3.7.30

Tag Name: 3.7.30

Release Date: 9/4/2019

View Release
WordPress LogoWordPress

World's most popular open-source content management system powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.

Open SourceBloggingWebsite Builder

TL;DR

WordPress 3.7.30 focuses on security improvements with multiple fixes for URL handling and sanitization. This maintenance release addresses several security vulnerabilities related to URL validation, content handling, and attachment uploads, making it an important update for all WordPress 3.7 installations.

Highlight of the Release

    • Improved URL validation in wp_validate_redirect()
    • Enhanced security for attachment uploads in wp_ajax_upload_attachment()
    • Fixed URL sanitization in wp_kses_bad_protocol_once()
    • Removed _convert_urlencoded_to_entities() from the get_the_content() callback

Migration Guide

No specific migration steps are required for this update. This is a security maintenance release that should be applied as soon as possible without any expected impact on existing functionality.

To update to WordPress 3.7.30:

  1. Back up your WordPress site (files and database)
  2. Update through your WordPress dashboard or download the update and install it manually
  3. Verify your site functionality after the update

Note that WordPress 3.7 is a legacy version. If possible, users should consider upgrading to the latest WordPress version for improved security and features.

Upgrade Recommendations

Immediate Upgrade Recommended

This release contains important security fixes that address multiple vulnerabilities in WordPress 3.7. All users running WordPress 3.7.x should update to version 3.7.30 immediately.

While this update addresses known security issues in the 3.7 branch, it's important to note that WordPress 3.7 is a legacy version that reached end-of-life status years ago. For optimal security and functionality, users should strongly consider upgrading to the latest WordPress version.

If you must remain on the 3.7 branch for compatibility reasons, applying this security update is essential to protect your site from known vulnerabilities.

Bug Fixes

Security-Related Bug Fixes

  • Fixed URL sanitization in wp_kses_bad_protocol_once() to properly handle potentially malicious URLs
  • Improved URL validation in wp_validate_redirect() to prevent potential security issues
  • Added proper output escaping in wp_ajax_upload_attachment() to prevent potential XSS vulnerabilities
  • Removed _convert_urlencoded_to_entities() from the get_the_content() callback to address a security concern

New Features

No new features were added in this release. WordPress 3.7.30 is a security maintenance release focused on addressing vulnerabilities and improving existing functionality.

Security Updates

Security Enhancements

  • URL Validation Improvements: Enhanced the wp_validate_redirect() function to better validate URLs and prevent potential security issues that could lead to open redirect vulnerabilities

  • Attachment Upload Security: Added proper escaping to the output in wp_ajax_upload_attachment() to prevent potential cross-site scripting (XSS) attacks when handling file uploads

  • URL Sanitization Fix: Addressed a vulnerability in wp_kses_bad_protocol_once() that could potentially allow malicious URLs to bypass security checks

  • Content Callback Security: Removed the _convert_urlencoded_to_entities() function from the get_the_content() callback to eliminate a potential security weakness in content processing

Performance Improvements

No specific performance improvements were included in this release. The changes were primarily focused on security enhancements and bug fixes.

Impact Summary

WordPress 3.7.30 is a security-focused maintenance release that addresses several vulnerabilities related to URL handling, content processing, and attachment uploads. The primary impact is improved security for WordPress 3.7 installations.

The security fixes in this release protect sites from potential attacks that could exploit URL validation weaknesses, bypass sanitization checks, or leverage attachment upload handling for cross-site scripting. These improvements help maintain the security integrity of WordPress 3.7 sites despite the branch's legacy status.

While no new features are introduced, the security enhancements are critical for all WordPress 3.7 users. The changes are focused on core security functions and should not affect normal site operation or require any adjustments from users or developers.

This release represents ongoing security maintenance for the WordPress 3.7 branch, demonstrating the WordPress team's commitment to supporting even older versions with critical security updates.

Statistics:

File Changed14
Line Additions54
Line Deletions107
Line Changes161
Total Commits6

User Affected:

  • Need to update their WordPress installations to address security vulnerabilities
  • Benefit from improved protection against potential URL-based attacks
  • Gain enhanced security for attachment uploads

Contributors:

whyisjakeSergeyBiryukovdesrosj