WordPress Release: 4.0.34

Tag Name: 4.0.34

Release Date: 1/6/2022

WordPress

World's most popular open-source content management system powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.

TL;DR

WordPress 4.0.34 is a security and maintenance release that addresses several important vulnerabilities. It improves sanitization within the WP_Tax_Query class, removes unnecessary usage of unserialize() during installation, and fixes encoding issues with ASCII characters in post slugs. This release is critical for maintaining the security and stability of WordPress 4.0.x installations.

Highlights of the Release

    • Improved security through better sanitization in the WP_Tax_Query class
    • Enhanced installation security by reducing usage of unserialize()
    • Fixed encoding of ASCII characters in post slugs

Migration Guide

No specific migration steps are required for this update. This is a standard security and maintenance release that can be applied through the normal WordPress update process.

To update:

  1. Back up your WordPress site (files and database)
  2. Update through the WordPress admin dashboard or manually download and install the update
  3. Verify your site functionality after the update is complete

Upgrade Recommendations

Priority: High

All WordPress 4.0.x users should update to version 4.0.34 as soon as possible due to the security fixes included in this release. The update addresses important security vulnerabilities that could potentially be exploited if left unpatched.

While WordPress 4.0.x is an older branch and no longer receives regular updates, sites still running this version should apply this security update while planning for an upgrade to a more current WordPress version.

Bug Fixes

  • Post Slug Encoding: Fixed an issue where ASCII characters were not being correctly encoded in post slugs, which could cause problems with URLs and permalinks.

  • Taxonomy Query Sanitization: Addressed sanitization issues within the WP_Tax_Query class that could potentially lead to unexpected behavior or security vulnerabilities.

  • Installation Process: Fixed potential security issues by removing unnecessary usage of unserialize() during WordPress installation and upgrade processes.

New Features

No significant new features were added in this release. WordPress 4.0.34 focuses on security improvements and bug fixes for the 4.0.x branch.

Security Updates

  • Improved Sanitization in WP_Tax_Query: Enhanced the sanitization process within the WP_Tax_Query class to prevent potential security vulnerabilities that could be exploited.

  • Reduced unserialize() Usage: Removed unnecessary usage of the unserialize() function during installation and upgrade processes, which helps prevent potential PHP object injection attacks.

  • Encoding Improvements: Fixed the encoding of ASCII characters in post slugs; the incorrect encoding could potentially be used in certain attack vectors.

Performance Improvements

No specific performance improvements were highlighted in this release. The changes were primarily focused on security enhancements and bug fixes.

Impact Summary

WordPress 4.0.34 is primarily a security-focused release that addresses several vulnerabilities in the 4.0.x branch. The improvements to sanitization in the WP_Tax_Query class and the removal of unnecessary unserialize() usage during installation help protect WordPress sites from potential security threats. The fix for ASCII character encoding in post slugs ensures more reliable URL handling.

While this update is important for sites running WordPress 4.0.x, it's worth noting that this is an older branch of WordPress. Site owners should consider upgrading to a more current version of WordPress that receives regular updates and security patches. This release represents an ongoing commitment to security even for older WordPress versions.

Statistics:

Files Changed: 8
Line Additions: 42
Line Deletions: 12
Line Changes: 54
Total Commits: 3

Users Affected:

  • Need to update their WordPress installations to protect against security vulnerabilities
  • Will benefit from improved sanitization in taxonomy queries
  • Will experience more secure installation and upgrade processes

Contributors:

desrosj