WordPress Release: 3.8.17
Tag Name: 3.8.17
Release Date: 1/11/2017
WordPress: World's most popular open-source content management system powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.
TL;DR
WordPress 3.8.17 is a maintenance and security update that brings important improvements to the core platform. This release includes updates to PHPMailer (now at version 5.2.22), enhanced media handling, improved security measures, and various bug fixes.
Key improvements:
- PHPMailer upgraded to version 5.2.22 for better email handling and security
- Enhanced media title generation from filenames
- Improved image filetype validation with better performance
- Added security nonce for widget accessibility mode
- Fixed theme name fallback markup
- Better plugin data translation on the Updates screen
Highlight of the Release
- PHPMailer upgraded to version 5.2.22 for improved email handling and security
- Enhanced media title generation from filenames, preserving spaces for cleaner titles
- Improved image filetype validation with new wp_get_image_mime() function
- Added security nonce for widget accessibility mode
- Better random number generation for multisite signup keys
Migration Guide
This is a maintenance and security release that doesn't require any specific migration steps. Simply update to WordPress 3.8.17 through your dashboard or by downloading the update from wordpress.org.
After updating, if you're using custom code that interacts with the media library or email functionality, you may want to test these features to ensure compatibility with the updated components.
Upgrade Recommendations
Priority: High
This update is highly recommended for all WordPress 3.8.x users due to the security improvements, particularly the PHPMailer updates, which address known vulnerabilities.
The update process should be straightforward with no expected compatibility issues. As always, it's recommended to back up your site before performing any update.
Users should update as soon as possible to ensure their sites remain secure against potential threats addressed in this release.
Bug Fixes
- Theme Name Fallbacks: Fixed markup issues with theme name fallbacks, ensuring proper display.
- Mail Configuration: Disabled wp-mail.php when mailserver_url is set to the default value of mail.example.com, preventing potential misconfigurations.
- Image Filetype Checking: Fixed issues with image filetype validation, now returning false for ext/MIME values when validation fails.
- Copyright Year: Updated copyright year to 2017 in license.txt.
New Features
- New Image Validation Function: Added wp_get_image_mime() function which uses exif_imagetype() when available for better performance than the previous getimagesize() method. This improves image filetype validation while reducing dependency on GD.
- Enhanced Media Title Generation: Media titles are now more accurately created from filenames, preserving spaces and producing cleaner results when uploading files.
- Improved Plugin Translation: Plugin data on the Updates screen is now properly translated, enhancing the experience for non-English users.
Security Updates
- PHPMailer Updates: Upgraded PHPMailer to version 5.2.22, addressing security vulnerabilities in previous versions.
- Widget Accessibility Mode: Added security nonce for widget accessibility mode to prevent potential CSRF attacks.
- Multisite Signup Security: Enhanced security in multisite signup key creation by using wp_rand() for better random number generation.
- Image Validation: Improved image filetype validation to better protect against potentially malicious file uploads.
Performance Improvements
- Image Processing: Improved image filetype checking by using exif_imagetype() when available instead of getimagesize(). This change is more performant and reduces dependency on the GD library.
- Email Handling: The upgrade to PHPMailer 5.2.22 includes various performance improvements for email processing.
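The image filetype check described under Bug Fixes, New Features and Image Processing above (content-based detection with exif_imagetype() when available, getimagesize() as the fallback, and false for ext/MIME when validation fails), as an added standalone PHP example. It is not WordPress core code: detect_image_mime(), check_upload() and the sample files are hypothetical and constructed for illustration, and rejecting every extension/content mismatch is a simplifying assumption.

```php
<?php
// Added illustration, not WordPress core code. detect_image_mime() and
// check_upload() are hypothetical names chosen for this example.

// Derive the MIME type from the file's content, never from its name.
function detect_image_mime(string $path) {
    if (is_callable('exif_imagetype')) {
        // Inspects only the leading signature bytes of the file.
        $type = @exif_imagetype($path);
        return $type ? image_type_to_mime_type($type) : false;
    }
    if (function_exists('getimagesize')) {
        $info = @getimagesize($path);
        return isset($info['mime']) ? $info['mime'] : false;
    }
    return false;
}

// Compare the claimed extension with the detected type. Assumption: any
// mismatch or undetectable type yields false for both ext and type.
function check_upload(string $path, string $filename): array {
    $allowed = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                'png' => 'image/png',  'gif'  => 'image/gif'];
    $ext  = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    $real = detect_image_mime($path);
    if (!isset($allowed[$ext]) || $real === false || $allowed[$ext] !== $real) {
        return ['ext' => false, 'type' => false];
    }
    return ['ext' => $ext, 'type' => $real];
}

// Constructed samples: a minimal PNG header (signature + IHDR chunk, dummy
// CRC) and PHP source text posing as an image.
$png = "\x89PNG\r\n\x1a\n" . pack('N', 13) . 'IHDR'
     . pack('NNC5', 1, 1, 8, 2, 0, 0, 0) . pack('N', 0);
$samples = [
    'photo.png'  => $png,                               // name matches content
    'photo.jpg'  => $png,                               // PNG content, JPEG name
    'avatar.png' => "<?php echo 'not an image'; ?>\n",  // script named .png
];
foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $r = check_upload($tmp, $name);
    printf("%-11s ext=%s type=%s\n", $name,
        var_export($r['ext'], true), var_export($r['type'], true));
    unlink($tmp);
}
```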
Impact Summary
WordPress 3.8.17 is primarily a security and maintenance release that focuses on improving core functionality rather than adding new features. The most significant changes involve email handling security through PHPMailer updates, improved media management, and enhanced security measures.
The PHPMailer upgrade to version 5.2.22 addresses important security vulnerabilities, making this update critical for maintaining site security. Media handling improvements provide a better user experience when uploading files, with more accurate title generation and more reliable filetype validation.
Additional security enhancements include better random number generation for multisite installations and added nonce protection for widget accessibility mode. These changes strengthen WordPress against potential security threats without requiring any configuration changes from users.
While this update doesn't introduce major new features, the security improvements and bug fixes make it an important update for all WordPress 3.8.x installations.
Statistics:
Users Affected:
- Improved security with PHPMailer updates and better nonce handling
- Enhanced media management with better title generation from filenames
- Better plugin data translation on the Updates screen
