WordPress Release: 3.9.8

TL;DR

WordPress 3.9.8 is a maintenance and security release that addresses several important issues. It fixes bugs in the Customizer, Heartbeat API, and shortcode handling, while also improving security with the implementation of hash_equals() for widgets. This update ensures post locks are properly released, fixes broken links in legacy theme previews, and provides consistent widget titles in navigation menus.

This release is recommended for all WordPress 3.9 users to maintain site security and stability. It continues WordPress's commitment to maintaining older branches with critical fixes while encouraging users to consider upgrading to the latest major version for full feature support.

Highlight of the Release

• Security enhancement with hash_equals() implementation for widgets in the Customizer
• Fixed Heartbeat API issue to ensure post locks are properly released
• Improved shortcode handling for edge cases
• Fixed broken links in legacy theme previews
• More consistent navigation menu widget titles

Migration Guide

No specific migration steps are required for this maintenance release. WordPress 3.9.8 is a direct update from previous 3.9.x versions and doesn't introduce any breaking changes or features requiring migration procedures.

Upgrade Recommendations

It is strongly recommended that all WordPress 3.9 users upgrade to version 3.9.8 as soon as possible to benefit from the security improvements and bug fixes included in this release.

While WordPress continues to maintain older branches with security updates, users on the 3.9 branch should consider upgrading to the latest major WordPress version for access to improved features, performance enhancements, and ongoing security support.

This is a maintenance and security release, so the upgrade process should be straightforward with minimal risk of compatibility issues.

Bug Fixes

• Post Lock Release: Fixed an issue in the Heartbeat API where post locks weren't being properly released when a user's session ended, potentially blocking other users from editing content.

• Shortcode Edge Case: Resolved a bug in the shortcode parser that affected handling of malformed shortcodes with the pattern <[shortcode].

• Legacy Theme Preview: Fixed broken links in the legacy theme preview functionality, ensuring proper navigation within the theme preview interface.

• Comment ID Handling: Fixed an issue where comment IDs weren't consistently treated as integers, which could cause unexpected behavior in certain contexts.

• Navigation Menu Widgets: Implemented consistent titles in navigation menu widgets for better user experience and interface predictability.

New Features

No significant new features were introduced in this maintenance release. WordPress 3.9.8 focuses on bug fixes, security improvements, and minor enhancements to existing functionality.

Security Updates

• Improved Widget Security: Enhanced security in the Customizer by implementing hash_equals() for widget handling, providing better protection against timing attacks when comparing security tokens. This helps prevent potential security vulnerabilities in the widget management system.

Performance Improvements

No specific performance improvements were highlighted in this maintenance release. The focus was primarily on bug fixes and security enhancements rather than performance optimizations.

Impact Summary

WordPress 3.9.8 delivers important security enhancements and bug fixes that improve the stability and security of WordPress 3.9 installations. The implementation of hash_equals() for widgets in the Customizer addresses potential security vulnerabilities, while fixes to the Heartbeat API ensure smoother collaborative editing by properly releasing post locks.

The release also addresses several user experience issues, including consistent navigation menu widget titles, fixed broken links in legacy theme previews, and improved shortcode handling. These changes collectively enhance the reliability and usability of WordPress 3.9 sites.

For site administrators and content creators, this update resolves frustrating issues like stuck post locks that could block content editing. Developers benefit from more secure widget handling and improved comment ID processing. While this is primarily a maintenance release without new features, it represents WordPress's ongoing commitment to supporting older versions with critical security and stability updates.