WordPress Release: 3.9.9

Tag Name: 3.9.9

Release Date: 9/15/2015


World's most popular open-source content management system powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.

TL;DR

WordPress 3.9.9 is a security and maintenance release that addresses several important vulnerabilities and bugs. This update focuses on fixing security issues related to user email escaping, shortcode handling, and XML-RPC functionality. It also improves capabilities handling for orphaned comments and fixes database query issues with hyphenated table names.

This release is critical for all WordPress 3.9.x users as it patches multiple security vulnerabilities that could potentially be exploited. Site administrators should update immediately to protect their websites from these security risks.

Highlight of the Release

    • Fixed security vulnerability in list tables where user emails weren't properly escaped
    • Patched shortcode security issue that allowed unclosed HTML elements in attributes
    • Fixed XML-RPC vulnerability that allowed private posts to be made sticky
    • Improved capabilities handling for orphaned comments
    • Fixed database query handling for tables with hyphens in their names

Migration Guide

No specific migration steps are required when updating to WordPress 3.9.9. This is a maintenance and security release that should be compatible with all existing WordPress 3.9.x installations.

To update:

  1. Back up your website files and database before updating
  2. Update through the WordPress admin dashboard or download the update package from wordpress.org
  3. Follow the standard WordPress update process

No database schema changes or template modifications are included in this release.

Upgrade Recommendations

Urgency: High

All WordPress 3.9.x users should update to version 3.9.9 immediately due to the security vulnerabilities addressed in this release. The security fixes patch potential XSS vulnerabilities and prevent possible exposure of private content.

While this is a maintenance release for the 3.9.x branch, users are generally encouraged to consider upgrading to the latest major WordPress version for access to new features, improved security, and ongoing support. However, if you must remain on the 3.9.x branch for compatibility reasons, updating to 3.9.9 is essential for maintaining security.

Bug Fixes

  • Capabilities Handling: Fixed an issue where WordPress would not properly handle capabilities for orphaned comments. The system now falls back to the edit_posts capability in these cases. (#33154)

  • Database Query Handling: Resolved a bug in the get_table_from_query() function that prevented it from finding table names with hyphens in them, which could cause issues with certain database operations. (#33470)

  • XML-RPC Functionality: Fixed an issue where private posts could be incorrectly set as sticky through the XML-RPC interface. (#20662)

New Features

No new features were introduced in this maintenance and security release. WordPress 3.9.9 focuses exclusively on fixing security vulnerabilities and addressing bugs present in previous 3.9.x versions.

Security Updates

  • List Table Email Protection: Fixed a security vulnerability where user emails in list tables weren't properly escaped on output, potentially allowing XSS attacks against administrators viewing those tables.

  • Shortcode Security Enhancement: Patched a security issue that allowed unclosed HTML elements in shortcode attributes, which could potentially be exploited for cross-site scripting attacks.

  • XML-RPC Security Fix: Addressed a vulnerability in the XML-RPC system that incorrectly allowed private posts to be set as sticky, potentially exposing private content.

These security fixes address important vulnerabilities that could be exploited if left unpatched. It's strongly recommended that all WordPress 3.9.x users update to version 3.9.9 immediately.
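The unclosed-element check described under Shortcode Security Enhancement, as an added Python illustration (this is not WordPress's own PHP source): an attribute value is kept only when every `<` it contains is closed by a `>` before the next `<`; otherwise the value is blanked so it cannot break out of the surrounding markup. The minimal attribute parser and function names are hypothetical.

```python
import re

# A value passes only if it is built from runs of non-'<' text, each optionally
# followed by a complete '<...>' element. Any '<' that never reaches a '>' fails.
# Assumption: this mirrors the behaviour the release notes describe, not WP code.
_CLOSED_ELEMENTS_ONLY = re.compile(r'^[^<]*(?:<[^>]*>[^<]*)*$')


def has_unclosed_html(value: str) -> bool:
    """True when the attribute value contains a '<' that is never closed."""
    return '<' in value and _CLOSED_ELEMENTS_ONLY.match(value) is None


def parse_shortcode_atts(tag: str) -> dict:
    """Hypothetical minimal parser for key="value" pairs inside a shortcode tag."""
    return {m.group(1): m.group(2)
            for m in re.finditer(r'(\w+)\s*=\s*"([^"]*)"', tag)}


def sanitize_atts(atts: dict) -> dict:
    """Blank every attribute whose value carries an unclosed HTML element."""
    return {key: ('' if has_unclosed_html(val) else val)
            for key, val in atts.items()}


def safe_shortcode_atts(tag: str) -> dict:
    """Parse then sanitize, the order the hardened handling applies."""
    return sanitize_atts(parse_shortcode_atts(tag))


if __name__ == '__main__':
    # Constructed sample: one attribute is well-formed, one leaves a tag open.
    sample = '[caption title="<em>ok</em>" alt="broken <span"]'
    print(safe_shortcode_atts(sample))
```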

Performance Improvements

This release does not include any specific performance improvements. The focus of WordPress 3.9.9 is on security enhancements and bug fixes rather than performance optimizations.

Impact Summary

WordPress 3.9.9 is primarily a security-focused maintenance release that addresses several important vulnerabilities. The update improves the security posture of WordPress 3.9.x installations by fixing potential XSS vulnerabilities in list tables and shortcode handling, as well as preventing private posts from being exposed through XML-RPC functionality.

For administrators and developers, the release also fixes issues with database queries involving hyphenated table names and improves capabilities handling for orphaned comments. These changes enhance the stability and security of WordPress installations without introducing any breaking changes or requiring modifications to existing themes or plugins.

The security fixes in this release are particularly important as they address vulnerabilities that could potentially be exploited to compromise WordPress sites. All users running WordPress 3.9.x should update to version 3.9.9 as soon as possible to protect their websites from these security risks.

Statistics:

Files Changed: 13
Line Additions: 120
Line Deletions: 44
Line Changes: 164
Total Commits: 8

Users Affected:

  • Enhanced security for admin interfaces with properly escaped user emails in list tables
  • Fixed capabilities handling for orphaned comments
  • Improved database query handling for tables with hyphens in their names

Contributors:

pento, nb, ocean90, helen