HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

WordPress

>

Releases

>

4.2.2

WordPress Release: 4.2.2

Tag Name: 4.2.2

Release Date: 5/7/2015

View Release
WordPress LogoWordPress

World's most popular open-source content management system powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.

Open SourceBloggingWebsite Builder

TL;DR

WordPress 4.2.2 is a security and maintenance release that addresses several critical issues including a potential XSS vulnerability in Genericons, fixes for emoji handling, database character set conversion improvements, and various bug fixes. This update is crucial for all WordPress sites to maintain security and stability.

Highlight of the Release

    • Security fix for Genericons example.html files that could be used for XSS attacks
    • Multiple emoji handling improvements for IE9/10 compatibility and loading errors
    • Database character set conversion improvements for utf8mb4
    • Performance optimization for term hierarchy operations
    • Fixed SSL handling for attachment URLs

Migration Guide

No specific migration steps are required for this maintenance release. Simply update to WordPress 4.2.2 through your dashboard or by downloading the update from wordpress.org.

If you're using custom themes or plugins that rely on Genericons, you should ensure they don't include the vulnerable example.html file.

Upgrade Recommendations

This release contains important security fixes, so it is strongly recommended that all WordPress sites running version 4.2.1 or earlier update to version 4.2.2 immediately.

The update process should be smooth for most users as this is primarily a security and bug fix release. As always, it's recommended to back up your site before performing any update.

Bug Fixes

  • Emoji Handling:

    • Fixed infinite loop when replacement images fail to load
    • Added support for IE9 and IE10 with fallbacks for loading events
    • Added exclude class for wp-emoji to prevent issues with the Text editor resizing div

  • Editor Improvements:

    • Fixed Mac keyboard shortcut for saving from the visual editor

  • Database Handling:

    • Fixed handling of queries that reference tables in dbname.tablename format
    • Improved character set conversion for database tables
    • Fixed index conversion issue on wp_signups table when converting to utf8mb4
    • Added safeguards to prevent content loss with unintelligible DB schemas

  • Media Handling:

    • Fixed attachment URLs to only force SSL on the front end, not in the dashboard
    • Updated YouTube oEmbed test to expect HTTPS URLs

  • File System:

    • Fixed temporary file handling to prevent infinite self-calling loops

  • Performance:

    • Improved performance of loop detection in _get_term_children() by using array keys instead of in_array()
    • Reduced memory usage for UTF-8 regex on low memory machines

New Features

No significant new features were introduced in this maintenance release. WordPress 4.2.2 focuses on security fixes, bug fixes, and performance improvements to the existing functionality.

Security Updates

  • Genericons Vulnerability: Removed Genericons example.html files from WordPress core and bundled themes (Twenty Fifteen, Twenty Fourteen, etc.) that could potentially be used for XSS (Cross-Site Scripting) attacks.

  • Database Security: Improved the handling of database character sets and column conversions to prevent potential data loss or corruption during upgrades.

  • HTTPS Handling: Updated YouTube oEmbed to always use HTTPS URLs, improving security for embedded content.

Performance Improvements

  • Term Hierarchy Operations: Significantly improved the performance of loop detection in _get_term_children() by using array keys with isset() instead of the slower in_array() function. This also avoids the use of wp_list_pluck() on large arrays and prevents duplicate entries.

  • Memory Usage: Reduced memory consumption for UTF-8 regex operations, which is particularly beneficial for sites running on low-memory servers.

  • Database Queries: Optimized database character set checking by skipping unnecessary checks for queries that don't return user data, improving overall performance.

Impact Summary

WordPress 4.2.2 is a critical security and maintenance release that addresses several important issues. The most significant impact is the removal of a potential XSS vulnerability in Genericons example files, which affects both WordPress core and bundled themes.

The release also significantly improves emoji handling across different browsers, particularly in Internet Explorer 9 and 10, and fixes issues with the WordPress database layer's handling of UTF-8 character sets and table names. These improvements enhance compatibility and prevent potential data loss during upgrades.

Performance optimizations for term hierarchy operations will benefit sites with complex taxonomies and large numbers of terms. The fix for attachment URL handling with SSL improves the experience for sites that use HTTPS in the admin area but not necessarily on the front end.

Overall, this release strengthens WordPress's security posture, improves cross-browser compatibility, and enhances database handling without introducing any breaking changes.

Statistics:

File Changed30
Line Additions927
Line Deletions1,876
Line Changes2,803
Total Commits24

User Affected:

  • Need to update to address security vulnerabilities
  • Will experience improved database handling for UTF-8 character sets
  • Will benefit from fixes to emoji functionality across browsers

Contributors:

dd32azaozzpentoboonebgorgesaaronjorbinocean90mdawaffenacinhelen