WordPress Release: 4.2.11

Tag Name: 4.2.11

Release Date: 1/11/2017


World's most popular open-source content management system powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.

TL;DR

WordPress 4.2.11 is a maintenance and security release that includes several important updates. It improves media handling with better filename-to-title conversion, enhances security with PHPMailer upgrades to version 5.2.22, adds nonce verification for widget accessibility mode, and fixes various bugs. This release focuses on security hardening, media improvements, and general maintenance updates.

Highlights of the Release

    • PHPMailer upgraded to version 5.2.22 to address security vulnerabilities
    • Improved media title generation from filenames with better space preservation
    • Enhanced image filetype validation with new wp_get_image_mime() function
    • Added nonce verification for widget accessibility mode
    • Improved security in multisite signup key creation with wp_rand()

Migration Guide

Migration Notes

This maintenance release doesn't require any specific migration steps. It's a drop-in replacement for WordPress 4.2.10 with security and bug fixes.

If you're using custom code that interacts with the media upload process or image validation, you may want to review the changes to wp_check_filetype_and_ext() and the new wp_get_image_mime() function.

Upgrade Recommendations

Immediate upgrade recommended

This release contains important security fixes, particularly the PHPMailer upgrade to version 5.2.22. All WordPress 4.2.x sites should upgrade to 4.2.11 as soon as possible to ensure your site is protected against known vulnerabilities.

However, please note that WordPress 4.2.x is no longer receiving regular security updates. For the best security and features, we strongly recommend upgrading to the latest WordPress version available.

Bug Fixes

  • Fixed theme name fallback markup: Corrected markup issues with theme name fallbacks in the admin interface.

  • Improved wp-mail.php handling: Disabled wp-mail.php functionality when mailserver_url is set to the default value of mail.example.com, preventing potential misconfigurations.

  • Fixed image filetype checking: Improved the validation process for image files during upload, with better MIME type detection and validation.

  • Updated copyright year: Updated the copyright year to 2017 in license.txt.

New Features

New Functions and Improvements

  • New wp_get_image_mime() function: Added for more efficient image type validation, using exif_imagetype() when available instead of the less performant getimagesize() function.

  • Improved media title generation: When uploading media files, WordPress now better preserves spaces and creates cleaner, more accurate titles from filenames.

  • Enhanced plugin translation: Plugin data on the Updates screen is now properly translated, improving the experience for non-English users.

Security Updates

  • PHPMailer upgraded to 5.2.22: This update addresses security vulnerabilities in the email handling library. The full list of changes can be found in the PHPMailer GitHub repository.

  • Added nonce verification for widget accessibility mode: Improves security by preventing CSRF attacks when using widget accessibility mode.

  • Enhanced multisite signup security: Now using wp_rand() for signup key creation in multisite installations, providing more secure random number generation.

  • Improved image file validation: Better validation of image files during upload helps prevent potential security issues related to malicious file uploads.
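As an added example (not WordPress core code and not taken from this release), the PHP sketch below shows the content-based image check described above: prefer exif_imagetype(), fall back to getimagesize(), then compare the detected type with the type the filename claims. The helper names, the extension allowlist, the reject-on-mismatch policy and the sample bytes are assumptions constructed for illustration.

```php
<?php
// Added example: stand-alone sketch, not WordPress core code.

// Hypothetical helper: detect the image type from file content, not the name.
function sniff_image_mime(string $path) {
    if (is_callable('exif_imagetype')) {
        $type = @exif_imagetype($path);            // reads only the signature bytes
        return $type === false ? false : image_type_to_mime_type($type);
    }
    if (function_exists('getimagesize')) {         // fallback when exif is absent
        $info = @getimagesize($path);
        return isset($info['mime']) ? $info['mime'] : false;
    }
    return false;                                  // no detector: fail closed
}

// Hypothetical policy: accept only when content and extension agree.
function check_upload(string $path, string $claimed_name): array {
    $allowed = ['png' => 'image/png', 'gif' => 'image/gif',
                'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg'];  // assumed allowlist
    $ext     = strtolower(pathinfo($claimed_name, PATHINFO_EXTENSION));
    $claimed = $allowed[$ext] ?? null;
    $actual  = sniff_image_mime($path);
    if ($claimed === null) {
        return [false, "extension '$ext' is not on the allowlist"];
    }
    if ($actual === false) {
        return [false, 'content is not a recognised image'];
    }
    if ($actual !== $claimed) {
        return [false, "content is $actual but the name claims $claimed"];
    }
    return [true, "content and extension agree ($actual)"];
}

// Constructed sample inputs (header bytes only, enough for type detection).
$png = "\x89PNG\r\n\x1a\n" . pack('N', 13) . 'IHDR' . pack('NN', 1, 1)
     . "\x08\x06\x00\x00\x00" . "\x00\x00\x00\x00";
$gif = 'GIF89a' . pack('vv', 1, 1) . "\x00\x00\x00;";
$samples = [
    'photo.png'  => $png,                                 // genuine PNG header
    'banner.png' => $gif,                                 // GIF content, PNG name
    'notes.png'  => "plain text, not an image at all\n",  // non-image content
];
foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');            // stands in for an upload tmp file
    file_put_contents($tmp, $bytes);
    [$ok, $why] = check_upload($tmp, $name);
    printf("%-11s %s: %s\n", $name, $ok ? 'ACCEPT' : 'REJECT', $why);
    unlink($tmp);
}
```

Signature sniffing only establishes how the file begins; it says nothing about the rest of the content, so uploads should still be stored where they cannot be executed.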

Performance Improvements

  • More efficient image type validation: The new wp_get_image_mime() function uses exif_imagetype() when available, which is more performant than getimagesize() and doesn't require GD library dependency.

  • Optimized PHPMailer: The upgrade to PHPMailer 5.2.22 includes various performance improvements in email handling.

Impact Summary

WordPress 4.2.11 is primarily a security and maintenance release that addresses several important issues. The most significant impact comes from the PHPMailer library upgrade to version 5.2.22, which fixes security vulnerabilities in the email handling system.

Content creators will benefit from improved media handling, with better filename-to-title conversion that preserves spaces and creates more accurate titles. The enhanced image filetype validation also makes media uploads more reliable.

For administrators, the addition of nonce verification in widget accessibility mode and improved random number generation for multisite signup keys enhances overall site security. Developers gain access to a new, more efficient image MIME type detection function.

While this release doesn't introduce major new features, it provides important security hardening and quality-of-life improvements that make WordPress more secure and reliable for all users.

Statistics:

Files Changed: 16
Line Additions: 2,204
Line Deletions: 1,094
Line Changes: 3,298
Total Commits: 13

User Affected:

  • Improved security with PHPMailer upgrades to version 5.2.22
  • Enhanced widget accessibility mode with nonce verification
  • Better multisite signup security with improved random number generation

Contributors:

dd32, joemcgill, aaroncampbell, jeremyfelt, ocean90