WordPress Release: 4.2.27

TL;DR

WordPress 4.2.27 is a maintenance and security release that addresses several important issues. It improves user security by invalidating activation keys on password updates, fixes query issues with date/time-based searches, enhances cache API security through proper escaping, and improves UTF-8 character support in file names. The release also removes outdated tests and unused code to maintain a cleaner codebase. This update is important for maintaining site security and ensuring proper functionality of core WordPress features.

Highlight of the Release

• Improved security by invalidating user activation keys when passwords are updated
• Fixed query issues to ensure only a single post is returned on date/time based queries
• Enhanced UTF-8 character support in file names
• Improved cache API security with proper escaping

Migration Guide

No specific migration steps are required for this maintenance release. As with any WordPress update, it's recommended to:

1. Back up your website before updating
2. Update all themes and plugins to their latest versions
3. Test your website functionality after the update

This release does not contain breaking changes that would require code modifications in themes or plugins.

Upgrade Recommendations

This release contains important security fixes and bug fixes that improve the stability and security of WordPress 4.2. It is strongly recommended that all sites running WordPress 4.2.x update to version 4.2.27 as soon as possible.

While WordPress 4.2 is an older branch and no longer receives regular updates, sites that cannot upgrade to more recent major versions should at minimum apply this security update to mitigate potential vulnerabilities.

Bug Fixes

• Query System: Fixed an issue where date/time based queries could return multiple posts when only a single post should be returned, ensuring more accurate search results.

• File Handling: Enhanced the sanitize_file_name function to provide better support for UTF-8 characters, improving compatibility with international file names.

• Code Cleanup: Removed unused ::assertPostHasTerms() method from tests/term.php as the associated test was previously removed.

New Features

No significant new features were introduced in this maintenance release. The focus was on security enhancements, bug fixes, and code improvements.

Security Updates

• User Authentication: Enhanced security by ensuring that user activation keys are now properly invalidated when passwords are updated, reducing the risk of unauthorized access.

• Cache API: Improved security in the cache API by implementing proper escaping around the stats method, preventing potential security vulnerabilities.

• Query Protection: Fixed a vulnerability in date/time based queries that could potentially expose more data than intended by ensuring only a single post is returned when appropriate.

Performance Improvements

No specific performance improvements were highlighted in this release. The changes were primarily focused on security enhancements, bug fixes, and code maintenance.

Impact Summary

WordPress 4.2.27 is primarily a security and maintenance release that addresses several important issues without introducing breaking changes. The security enhancements around user activation keys and cache API escaping help protect sites from potential vulnerabilities. The improvements to UTF-8 character handling in file names benefit users working with international content. Query fixes ensure more accurate results when performing date/time-based searches. While this is an incremental update to an older WordPress branch, the security fixes make it an important update for any sites still running WordPress 4.2.x. The code cleanup, including removal of outdated tests, helps maintain a cleaner and more efficient codebase.