WordPress Release: 3.9.35

TL;DR

WordPress 3.9.35 is a security and maintenance release that addresses three important issues: improved sanitization in the WP_Tax_Query class, removal of unnecessary unserialize() usage during upgrades/installations, and fixed encoding of ASCII characters in post slugs. This release enhances WordPress security and stability without introducing new features, making it an important update for all WordPress site owners.

Highlight of the Release

• Improved security through better sanitization in the WordPress taxonomy query system
• Enhanced upgrade and installation process by removing unnecessary use of unserialize()
• Fixed encoding of ASCII characters in post slugs for better URL handling

Migration Guide

No migration steps are required for this update. WordPress 3.9.35 is a maintenance and security release that should be compatible with existing themes and plugins. Simply update your WordPress installation through the admin dashboard or via your preferred method.

Upgrade Recommendations

This update is highly recommended for all WordPress 3.9.x users due to the security improvements included. Since this is a security release, it's advised to update as soon as possible to protect your site from potential vulnerabilities.

To update:

1. Back up your website files and database before updating
2. Update through your WordPress admin dashboard (Dashboard → Updates)
3. Alternatively, download the update from WordPress.org and perform a manual update

If you're running an older version of WordPress, consider updating to the latest major version for access to all current features and security improvements.

Bug Fixes

• Fixed Post Slug Encoding: Corrected the encoding of ASCII characters in post slugs, ensuring proper URL formation and preventing potential issues with special characters in permalinks.

• Upgrade/Installation Process: Addressed an issue where unserialize() was being used unnecessarily during the WordPress upgrade or installation process, which could potentially lead to stability issues.

New Features

No new features were introduced in this release. WordPress 3.9.35 is focused on security improvements and bug fixes to enhance the stability and security of existing functionality.

Security Updates

• Enhanced Sanitization in WP_Tax_Query: Improved the sanitization process within the WP_Tax_Query class to prevent potential security vulnerabilities related to taxonomy queries. This enhancement helps protect against possible injection attacks when working with taxonomy data.

• Reduced Security Risk in Upgrade Process: Removed unnecessary usage of unserialize() during WordPress upgrades and installations, which reduces the risk of potential object injection vulnerabilities.

Performance Improvements

No specific performance improvements were highlighted in this release. The changes were primarily focused on security enhancements and bug fixes rather than performance optimizations.

Impact Summary

WordPress 3.9.35 is a targeted security and maintenance release that addresses specific vulnerabilities and bugs without introducing new features or breaking changes. The security improvements to the WP_Tax_Query class and the upgrade process strengthen WordPress against potential attacks, while the fix for ASCII character encoding in post slugs resolves issues with URL formation. This update is particularly important for sites that rely on taxonomy queries or have content with special characters in the titles. The changes are backward compatible and should not disrupt existing functionality, making this a low-risk, high-value update for all WordPress 3.9.x installations.