HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

WordPress

>

Releases

>

3.9.15

WordPress Release: 3.9.15

Tag Name: 3.9.15

Release Date: 1/11/2017

View Release
WordPress LogoWordPress

World's most popular open-source content management system powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.

Open SourceBloggingWebsite Builder

TL;DR

WordPress 3.9.15 is a maintenance and security update that includes several important improvements to the core functionality. This release upgrades PHPMailer to version 5.2.22, enhances media handling with better filename-to-title conversion and improved image filetype validation, adds security nonces for widget accessibility mode, and fixes various bugs. The update also improves multisite signup security and enhances theme and plugin translation support.

Highlight of the Release

    • PHPMailer upgraded to version 5.2.22 for improved security and functionality
    • Enhanced media title generation from filenames with better space preservation
    • Improved image filetype validation with new wp_get_image_mime() function
    • Added security nonce for widget accessibility mode
    • Better multisite signup security with wp_rand() implementation

Migration Guide

This is a maintenance and security release that doesn't require any specific migration steps. Simply update to WordPress 3.9.15 through your dashboard or by downloading the update from wordpress.org.

After updating, if you're using custom code that interacts with the media library or image validation, you may want to review any functions that rely on image type detection, as the new wp_get_image_mime() function provides a more reliable method for this purpose.

Upgrade Recommendations

This update is highly recommended for all WordPress 3.9.x users due to the security improvements, particularly the PHPMailer upgrade which addresses known vulnerabilities.

The update also includes several bug fixes and enhancements that improve the overall stability and security of your WordPress installation. As this is a maintenance release, it should be safe to update with minimal risk of compatibility issues.

Users should update as soon as possible to ensure their sites remain secure and benefit from the improved functionality.

Bug Fixes

  • Theme Name Fallbacks: Fixed markup for theme name fallbacks to ensure proper display.
  • Mail Configuration: Disabled wp-mail.php functionality when mailserver_url is set to the default placeholder value of mail.example.com.
  • Image Filetype Validation: Fixed issues with image filetype checking to prevent potential problems with uploads.
  • Copyright Year: Updated copyright year to 2017 in license.txt.

New Features

  • New Image MIME Type Detection Function: Added wp_get_image_mime() function that uses the more efficient exif_imagetype() when available, falling back to getimagesize() when necessary.
  • Improved Media Title Generation: Media titles are now more accurately created from filenames, preserving spaces and producing cleaner results when uploading files.
  • Enhanced Plugin Translation: Plugin data on the Updates screen is now properly translated, improving the experience for non-English users.

Security Updates

  • PHPMailer Upgrade: Updated PHPMailer from 5.2.21 to 5.2.22 to address security vulnerabilities.
  • Widget Accessibility Mode: Added security nonce for widget accessibility mode to prevent potential CSRF attacks.
  • Multisite Signup Security: Enhanced security in multisite signup key creation by using wp_rand() for better randomization.
  • Image Validation: Improved image filetype checking to prevent potential security issues with malicious file uploads.

Performance Improvements

  • Image Validation: Improved performance for image validation by using exif_imagetype() when available instead of the more resource-intensive getimagesize() function.
  • PHPMailer Efficiency: The upgrade to PHPMailer 5.2.22 includes various performance optimizations for email handling.

Impact Summary

WordPress 3.9.15 is primarily a security and maintenance release that focuses on improving core functionality rather than adding major new features. The most significant changes involve security enhancements, particularly the PHPMailer upgrade to version 5.2.22, which addresses potential vulnerabilities.

Content creators will appreciate the improved media title generation from filenames, which now preserves spaces and creates cleaner titles. Developers will benefit from the new wp_get_image_mime() function, which provides more efficient image type validation.

Site administrators gain additional security through the widget accessibility mode nonce protection and improved multisite signup security. For multilingual sites, the enhanced translation support for plugin data on the Updates screen improves the user experience.

Overall, this release represents an important update for maintaining the security and stability of WordPress 3.9.x installations without introducing breaking changes or requiring significant adaptation from users or developers.

Statistics:

File Changed16
Line Additions2,205
Line Deletions1,095
Line Changes3,300
Total Commits13

User Affected:

  • Enhanced security with PHPMailer upgrade to version 5.2.22
  • Improved widget accessibility mode with added nonce protection
  • Better multisite signup security with improved random number generation

Contributors:

dd32joemcgillaaroncampbelljeremyfeltocean90