WordPress Release: 3.9.13
Tag Name: 3.9.13
Release Date: 6/21/2016
WordPress: The world's most popular open-source content management system, powering over 40% of all websites. It offers an extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. It is a highly customizable and scalable platform suitable for beginners and advanced developers.
TL;DR
WordPress 3.9.13 is a maintenance and security release that addresses several important issues. It includes security improvements for URL handling and escaping, better permission checks for post revisions and taxonomies, and fixes for media handling and admin functionality.
This release focuses on enhancing security through proper escaping of URLs and attachment names, improving permission management, and fixing bugs in the customizer and media library. While not introducing new features, it strengthens WordPress's security posture and fixes several edge cases that could cause issues for site administrators.
Highlights of the Release
- Enhanced security through proper URL escaping in admin interfaces
- Improved permission checks for viewing revision diffs
- Better handling of media files with extensionless filenames
- More specific capability checks when processing taxonomy data
Migration Guide
No migration steps are required for this maintenance release. WordPress 3.9.13 can be installed as a direct update from previous versions without any special considerations or changes to your existing setup.
As with any WordPress update, it's always recommended to:
- Back up your website before updating
- Test the update on a staging environment if possible
- Check compatibility with your themes and plugins after updating
Upgrade Recommendations
This release contains important security fixes and is highly recommended for all WordPress 3.9.x users.
The security improvements address potential vulnerabilities related to URL handling, attachment name escaping, and permission checks. These fixes help protect your WordPress site from potential security issues.
Since this is a maintenance release focused on security, upgrading should be considered a priority for all sites running WordPress 3.9.x.
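To act on this recommendation across several sites, the following added example (not part of the original release notes or of WordPress itself) scans a directory tree for installs on the 3.9 branch that are older than 3.9.13. It assumes each install records its version as `$wp_version` in `wp-includes/version.php`; the function names are hypothetical, and other branches are deliberately reported as out of scope.

```python
import re
import sys
from pathlib import Path

FIXED = (3, 9, 13)  # the release described on this page
# Matches the assignment line in version.php, e.g.  $wp_version = '3.9.12';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)

# Constructed sample of a version.php file, for illustration only.
SAMPLE_VERSION_PHP = "<?php\n/** constructed sample */\n$wp_version = '3.9.12';\n"


def parse_version(text):
    """Return (major, minor, patch) from version.php text, or None if absent."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    # Ignore suffixes such as "-beta1"; a missing patch level counts as 0.
    nums = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", m.group(1))
    if not nums:
        return None
    return tuple(int(n or 0) for n in nums.groups())


def needs_update(version):
    """True only for a 3.9.x install older than 3.9.13."""
    return version is not None and version[:2] == FIXED[:2] and version < FIXED


def audit(root):
    """Return [(install_dir, version_tuple_or_None, needs_update)] under root."""
    results = []
    for vf in sorted(Path(root).rglob("wp-includes/version.php")):
        version = parse_version(vf.read_text(errors="replace"))
        results.append((str(vf.parent.parent), version, needs_update(version)))
    return results


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, version, stale in audit(root):
        shown = ".".join(map(str, version)) if version else "unknown"
        status = "update to 3.9.13" if stale else "not flagged (current or other branch)"
        print(f"{path}\t{shown}\t{status}")
```

Installs reported as "unknown" have a `version.php` that could not be parsed and should be checked by hand.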
Bug Fixes
- Customizer: Ensured that preview and return URLs are properly validated as URLs
- Media Library: Improved handling of files with extensionless filenames
- Admin Interface: Fixed issues with special characters in attachment names by properly escaping them
- Taxonomy Management: Addressed a bug with capability checks when processing category data on post save
- URL Handling: Fixed improper escaping of URL-encoded permalinks in admin interfaces
New Features
No new features were introduced in this maintenance release. WordPress 3.9.13 focuses on security improvements and bug fixes to enhance the stability and security of existing functionality.
Security Updates
- Admin Interface: Improved security by properly escaping attachment names that contain special characters
- URL Handling: Enhanced security by properly escaping URL-encoded permalinks in admin interfaces
- Authentication: Added consistent filtering of `auth_redirect_scheme` to improve security of authentication redirects
- Revisions: Changed the capability needed to view revision diffs to `edit_post` for better access control
- Taxonomy: Implemented more specific capability checks when processing category data during post save operations
Performance Improvements
No specific performance improvements were included in this release. WordPress 3.9.13 primarily focuses on security enhancements and bug fixes rather than performance optimizations.
Impact Summary
WordPress 3.9.13 is primarily a security-focused maintenance release that addresses several potential vulnerabilities and bugs in the core system. The changes focus on proper escaping of URLs and attachment names, improved permission checks, and better handling of edge cases.
The security improvements include proper escaping of attachment names containing special characters, better URL validation in the Customizer, more specific capability checks for taxonomy operations, and improved permission requirements for viewing revision diffs.
While this release doesn't introduce new features or significant changes to functionality, it strengthens WordPress's security posture and fixes several edge cases that could potentially cause issues for site administrators.
The impact on day-to-day usage should be minimal, with most changes happening behind the scenes to improve security rather than changing how users interact with the system. However, the security improvements are significant enough to warrant updating as soon as possible.
Users Affected:
- Improved security when handling attachments with special characters in their names
- More consistent filtering of authentication redirect schemes
- Better URL escaping for permalinks in the admin interface
- More specific capability checks when processing category data
