WordPress Release: 3.9.6
Tag Name: 3.9.6
Release Date: 5/7/2015
WordPress: World's most popular open-source content management system, powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.
TL;DR
WordPress 3.9.6 is a security and maintenance release that addresses several important database handling issues and security vulnerabilities. It improves how WordPress validates and processes database queries, fixes character encoding issues, and removes potentially vulnerable files during upgrades. This release is particularly important for sites with non-Latin characters in their database and those concerned about security hardening.
Highlights of the Release
- Enhanced database security with improved string length validation
- Fixed TinyMCE editor bug affecting tag matching
- Improved handling of non-ASCII characters in database table names
- Reduced memory usage for UTF-8 regex processing
- Security hardening by removing potentially vulnerable files during upgrades
Migration Guide
No specific migration steps are required for this maintenance release. WordPress 3.9.6 is a backward-compatible update focused on security and bug fixes.
To update to WordPress 3.9.6:
- Back up your website files and database before updating
- Update through the WordPress admin dashboard or download the update from wordpress.org
- Follow the standard WordPress update process
No database schema changes or template modifications are required for this update.
Upgrade Recommendations
This update is highly recommended for all WordPress 3.9.x users due to the security improvements and critical bug fixes included. The release addresses several important database handling issues and removes potentially vulnerable files.
Priority: High
Sites using non-Latin characters in their database content or table names will particularly benefit from the improvements in character encoding handling. Sites running on low-memory servers will also see stability improvements from the UTF-8 regex memory optimization.
Update as soon as possible to ensure your WordPress installation remains secure and stable.
Bug Fixes
Database Handling Improvements
- Fixed an issue where mb_convert_encoding() was being used incorrectly for MySQL character encoding conversion
- Resolved a bug in TinyMCE's tags matching regex
- Fixed handling of table names in the dbname.tablename format
- Improved handling of non-ASCII characters in database table names
- Added sanity checks to prevent content loss with unintelligible DB schemas
- Enhanced $wpdb->get_col_length() to bail on unexpected return values
Memory Usage Optimization
- Reduced memory usage for UTF-8 regex processing, improving stability on low-memory systems
New Features
No significant new features were introduced in this maintenance release. WordPress 3.9.6 focuses primarily on security improvements and bug fixes related to database handling and character encoding.
Security Updates
Security Hardening
- Added functionality to remove suspicious comments during WordPress upgrades
- Implemented removal of Genericons example.html files during upgrades to address a potential XSS vulnerability
- Enhanced database string validation to prevent potential SQL injection vectors
- Added sanity checks to ensure strings being stored in the database are not too long, preventing potential database corruption
- Improved handling of character encoding in database queries to prevent potential security issues
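A post-upgrade check for the Genericons item above, as an added example that is not part of the WordPress release or of this page: it lists any example.html still sitting in a directory whose name contains "genericons" under a WordPress tree and exits non-zero if one is found. The function names and the directory-name match are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not WordPress code): audit a WordPress tree for leftover
# Genericons example.html files after an upgrade.
# Assumption: the icon font ships in a directory whose name contains
# "genericons" (any case), inside a theme or plugin.

# Print each example.html whose parent directory name contains "genericons".
find_genericons_examples() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    find "$root" -type f -name 'example.html' 2>/dev/null |
    while IFS= read -r f; do
        parent=$(basename "$(dirname "$f")")
        # Lower-case the parent name so "Genericons" and "genericons" both match.
        case $(printf '%s' "$parent" | tr '[:upper:]' '[:lower:]') in
            *genericons*) printf '%s\n' "$f" ;;
        esac
    done | sort
}

# Exit status: 0 = clean, 1 = leftover files found, 2 = bad argument.
audit_wordpress_tree() {
    hits=$(find_genericons_examples "$1") || return 2
    if [ -n "$hits" ]; then
        printf 'Genericons example.html still present:\n%s\n' "$hits" >&2
        return 1
    fi
    return 0
}

# Run the audit when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_wordpress_tree "$1"
fi
```

Run it against the site root after the update; a non-zero status means a bundled copy survived and should be deleted by hand or by updating the theme or plugin that ships it.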
Performance Improvements
Memory Optimization
- Reduced memory footprint for UTF-8 regex processing, which helps prevent failures on low-memory machines
- Optimized database query processing by skipping unnecessary character set checks for queries that don't return user data
Database Query Efficiency
- Improved handling of database queries with non-Latin characters
- Enhanced validation of database strings to prevent potential performance issues
Impact Summary
WordPress 3.9.6 is primarily a security and maintenance release that strengthens the core platform's handling of database operations. The most significant improvements focus on proper validation of database strings, better handling of character encoding, and removal of potentially vulnerable files during upgrades.
For most users, this update will provide behind-the-scenes stability and security improvements without changing the day-to-day WordPress experience. Site administrators will benefit from enhanced protection against potential security vulnerabilities, particularly those related to database handling.
Developers working with multilingual sites or custom database queries will notice improved handling of non-ASCII characters in table names and better management of character encoding in database operations.
This release demonstrates WordPress's ongoing commitment to security hardening and addressing edge cases that could affect stability, particularly for international users working with non-Latin content.
Statistics:
Users Affected:
- Improved security during WordPress upgrades with removal of suspicious comments and vulnerable files
- Better handling of database queries with non-Latin characters
- Enhanced protection against potential database corruption
