WordPress Release: 3.8.12

TL;DR

WordPress 3.8.12 brings important updates to the background update system and improves theme security by properly escaping error messages. This maintenance release focuses on fixing issues with the background update scheduling and addressing a potential security vulnerability in theme error handling.

Highlight of the Release

• Removed redundant 7am/7pm background update check schedule
• Backported API TTL respect functionality from WordPress 3.9 to the 3.8 branch
• Fixed security issue by properly escaping theme error messages

Migration Guide

No specific migration steps are required when updating to WordPress 3.8.12. This is a maintenance and security release that can be applied through the standard WordPress update process.

As always, it's recommended to back up your WordPress installation before performing any update.

Upgrade Recommendations

Immediate Upgrade Recommended

Due to the security fix included in this release, it is strongly recommended that all WordPress 3.8 users upgrade to version 3.8.12 as soon as possible.

The update can be applied through the WordPress dashboard or by downloading the release from the WordPress.org website. As this is a maintenance release, the update process should be smooth and not affect existing functionality.

Bug Fixes

Background Update System Improvements

The WordPress 3.8.12 release addresses an issue with the background update system by removing the redundant 7am/7pm update check schedule. This change backports functionality from WordPress 3.9 that allows the system to respect API TTL (Time To Live) values, making the update process more efficient.

This fix resolves ticket #35323 which reported issues with the background update scheduling system.

New Features

No significant new features were introduced in this maintenance release. The changes focus on bug fixes and security improvements to the existing WordPress 3.8 functionality.

Security Updates

Theme Error Message Escaping

WordPress 3.8.12 includes an important security fix that properly escapes theme error messages. This change helps prevent potential cross-site scripting (XSS) vulnerabilities that could occur if unescaped error messages contain malicious code.

The fix ensures that any error messages displayed to users are properly sanitized before being output to the browser, maintaining the security integrity of WordPress installations.

Performance Improvements

More Efficient Background Update Checks

By removing the fixed 7am/7pm background update check schedule and respecting API TTL values instead, WordPress 3.8.12 improves the efficiency of the background update system. This change reduces unnecessary server requests and distributes update checks more evenly, potentially improving server performance for sites running WordPress 3.8.

Impact Summary

WordPress 3.8.12 is a targeted maintenance and security release that improves the background update system and fixes a potential security vulnerability in theme error handling.

The changes to the background update system make it more efficient by removing redundant update checks and respecting API TTL values, which can lead to better server performance and more predictable update behavior.

The security improvement for theme error message escaping helps protect WordPress sites from potential cross-site scripting attacks, enhancing the overall security posture of WordPress 3.8 installations.

While this release doesn't introduce new features, it provides important fixes that improve the stability, efficiency, and security of WordPress 3.8, making it an essential update for all users still running this version.