WordPress Release: 4.2.30

TL;DR

WordPress 4.2.30 is primarily a maintenance release focused on build tools, testing infrastructure, and security improvements. The update transitions testing from TravisCI to GitHub Actions, adds support for NodeJS 14.x, introduces a Docker-based local development environment, and includes an important security fix for PHPMailer attachment handling. This release ensures WordPress 4.2 branch remains maintainable with modern development tools despite being an older branch.

Highlight of the Release

• Security fix for PHPMailer attachment handling
• Transition from TravisCI to GitHub Actions for automated testing
• Support for NodeJS 14.x in the 4.2 branch
• Introduction of Docker-based local WordPress development environment

Migration Guide

This is primarily a maintenance and security release for the WordPress 4.2 branch. No specific migration steps are required for most users.

For developers working with the 4.2 branch:

1. If you were using TravisCI for testing, you'll need to transition to GitHub Actions using the new workflow files.
2. Update your local Node.js environment to version 14.x when working with this branch.
3. Consider using the new Docker-based local development environment for a more consistent development experience.

Upgrade Recommendations

It is strongly recommended to upgrade to WordPress 4.2.30 as soon as possible due to the security improvements in PHPMailer attachment handling.

However, it's important to note that WordPress 4.2 is an older branch that is no longer receiving regular updates. For the best security, features, and performance, users should consider upgrading to the latest WordPress version if possible.

For sites that must remain on the 4.2 branch for compatibility reasons, this update is essential to maintain the best possible security posture.

Bug Fixes

• JavaScript Files Correction: Restored JavaScript files in the 4.2 branch to their correct state, fixing unintentional changes that were introduced in previous commits.
• Test Timeout Handling: Improved skipTestOnTimeout() function to handle more types of timeouts in HTTP tests, such as "Resolving timed out" and "Connection timed out".
• Node Version Consistency: Matched .nvmrc with the declared node engine in package.json and other configuration files for consistency.

New Features

Development Environment Improvements

• Docker-based Local Environment: Backported the Docker-based local WordPress development environment to the 4.2 branch, making it easier to develop and test with this older version.
• NodeJS 14.x Support: Updated the 4.2 branch to support the latest LTS version of NodeJS (14.x), allowing the same version to be used across all WordPress branches that receive security updates.
• GitHub Actions Integration: Introduced GitHub Actions workflow configuration files to run all of Core's automated testing, replacing the previous TravisCI setup.
• Improved Test Infrastructure: Added support for parallel testing jobs, workflow dispatch events for scheduled tests, and better branch and path scoping for GitHub Action workflows.

Security Updates

• PHPMailer Attachment Handling: Improved attachment handling in PHPMailer to address potential security vulnerabilities. This change enhances the security of email functionality within WordPress, particularly when dealing with file attachments.

Performance Improvements

• Test Execution Speed: Split single site and multisite tests into parallel jobs, significantly improving the speed of the test suite execution.
• Slow Tests Optimization: Separated slow tests into dedicated parallel jobs for PHP <= 5.6, improving overall test performance.
• Build Process Efficiency: Various improvements to the build process and dependency management, including the introduction of a package-lock.json file for more reliable builds.

Impact Summary

WordPress 4.2.30 represents a significant maintenance effort to keep an older branch secure and maintainable with modern development tools. The primary impact is for developers and contributors who work with this branch, who now have access to improved testing infrastructure through GitHub Actions, support for modern Node.js versions, and a Docker-based local development environment.

For site administrators, the most important aspect is the security improvement in PHPMailer attachment handling, which addresses potential vulnerabilities in email functionality.

This release demonstrates WordPress's commitment to maintaining security even for older branches, while also modernizing the development toolchain to ensure these branches remain maintainable. The transition from TravisCI to GitHub Actions represents the completion of a significant infrastructure migration for WordPress core development.