WordPress Release: 3.9.34

TL;DR

WordPress 3.9.34 is primarily a maintenance release focused on modernizing the development infrastructure for the 3.9 branch. It updates Node.js support to version 14.x, introduces the Docker-based local development environment, migrates automated testing from TravisCI to GitHub Actions, and includes an important security improvement to PHPMailer attachment handling. This release ensures the WordPress 3.9 branch remains maintainable with modern development tools while continuing to receive security updates as a courtesy.

This release is particularly important for developers working with the 3.9 branch and administrators who need to maintain legacy WordPress installations with the latest security patches.

Highlight of the Release

• Support for Node.js 14.x LTS in the 3.9 branch
• Migration from TravisCI to GitHub Actions for automated testing
• Introduction of Docker-based local WordPress development environment
• Security improvement in PHPMailer attachment handling

Migration Guide

No specific migration steps are required for end users upgrading from WordPress 3.9.33 to 3.9.34.

For developers working with the 3.9 branch:

1. Node.js Version: Update to Node.js 14.x when working with the codebase
2. Development Environment: You can now use the Docker-based local development environment
3. Automated Testing: Tests now run on GitHub Actions instead of TravisCI

The changes in this release are primarily focused on the development infrastructure and should not impact existing WordPress installations or plugins.

Upgrade Recommendations

This release contains a security improvement to PHPMailer attachment handling, so upgrading is recommended for all sites still running WordPress 3.9.

While WordPress 3.9 is no longer officially supported with regular updates, this release is part of the courtesy security updates provided to legacy versions. For optimal security and features, sites should ideally upgrade to the latest WordPress version.

Priority: Medium Urgency: Normal for sites on WordPress 3.9 Complexity: Low (standard WordPress update process)

Bug Fixes

No specific bug fixes were mentioned in the release notes beyond the infrastructure and tooling improvements.

New Features

Development Environment Improvements

• Node.js 14.x Support: Updated the 3.9 branch to support the latest LTS version of Node.js (14.x), allowing the same version to be used across all WordPress branches that receive security updates.

• Docker-based Local Development: Backported the Docker-based local WordPress development environment to the 3.9 branch, making it easier to set up and work with this legacy version.

• GitHub Actions Integration: Migrated automated testing from TravisCI to GitHub Actions with several workflow improvements:

  • Support for manual triggering of workflows via workflow_dispatch event
  • Split single site and multisite tests into parallel jobs
  • Separate parallel jobs for slow tests on PHP <= 5.6
  • Better branch and path scoping for workflows when running on pull requests

Security Updates

PHPMailer Security Improvement

• Enhanced Attachment Handling: Improved the security of attachment handling in PHPMailer, addressing potential security concerns with email attachments.

Performance Improvements

Test Performance Improvements

• Parallel Test Processing: Split single site and multisite tests into parallel jobs for faster test completion
• Optimized Slow Tests: Separated slow tests into dedicated parallel jobs for PHP <= 5.6
• Improved Timeout Handling: Enhanced skipTestOnTimeout() to handle more types of timeouts in HTTP tests, including "Resolving timed out" and "Connection timed out" scenarios

Impact Summary

WordPress 3.9.34 represents a significant modernization of the development infrastructure for the 3.9 branch, which continues to receive security updates as a courtesy despite being out of official support.

The most notable impact is for developers who need to work with this legacy branch, as they now have access to modern tools like Node.js 14.x support, Docker-based local development, and GitHub Actions for automated testing. These changes align the development experience more closely with current WordPress branches.

For site administrators and users, the security improvement to PHPMailer attachment handling provides an important security enhancement. While this release doesn't introduce new user-facing features, it ensures that the WordPress team can continue to provide security updates to this legacy branch efficiently.

Overall, this release demonstrates WordPress's commitment to maintaining security even for older versions, while also modernizing the development workflow to ensure sustainable maintenance of legacy code.