WordPress Release: 4.2.36

TL;DR

WordPress 4.2.36 is a security release that addresses three important vulnerabilities: preventing unauthorized users from viewing comments on posts they can't access, restricting the AJAX handler for media shortcodes, and preventing potential object unserialization issues. This release is critical for maintaining site security and protecting user data.

Highlight of the Release

• Enhanced privacy by preventing unauthorized users from viewing comments on restricted posts
• Improved security for media shortcodes by restricting AJAX handler access
• Fixed potential security vulnerability related to object unserialization

Migration Guide

No migration steps are required for this update. This is a straightforward security release that can be applied through the standard WordPress update process without any additional configuration changes or adjustments needed.

Upgrade Recommendations

This release contains critical security fixes that protect your WordPress site from potential vulnerabilities.

Immediate upgrade is strongly recommended for all sites running WordPress 4.2.35 or earlier in the 4.2 branch. The security improvements in this release are essential for maintaining the security and integrity of your WordPress installation.

To update:

1. Back up your website files and database
2. Update through the WordPress dashboard or download the update from wordpress.org
3. Verify your site functionality after the update is complete

Bug Fixes

Security-Related Bug Fixes

• Comment Visibility: Fixed a bug that allowed users to see comments on posts they didn't have permission to view, ensuring proper content restriction
• Media Shortcode Handler: Restricted access to the AJAX handler for media shortcodes to prevent potential security exploits
• Object Unserialization: Addressed unintended behavior that could occur when certain objects are unserialized, preventing potential security vulnerabilities

New Features

No new features were introduced in this release. WordPress 4.2.36 focuses exclusively on security improvements and bug fixes to address specific vulnerabilities.

Security Updates

• Comment Privacy: Implemented proper access control checks to prevent unauthorized users from viewing comments on posts they don't have permission to access
• Media Shortcode Protection: Added restrictions to the AJAX handler for media shortcodes to prevent potential security exploits
• Object Unserialization Security: Fixed potential security issues related to object unserialization that could lead to unintended behavior

These security fixes were backported from more recent WordPress versions to ensure that sites running WordPress 4.2 remain secure.

Performance Improvements

No specific performance improvements were included in this release. The focus was on addressing security vulnerabilities rather than performance enhancements.

Impact Summary

WordPress 4.2.36 is a security-focused maintenance release that addresses three specific vulnerabilities without introducing new features or changing existing functionality. The update strengthens privacy controls around comments, enhances security for media shortcodes, and fixes potential object unserialization issues.

This release is part of WordPress's ongoing commitment to security for all supported versions. The changes were backported from more recent WordPress versions to ensure that sites still running WordPress 4.2 remain protected against known security vulnerabilities.

While the changes are focused on security rather than features, they represent important improvements to the platform's overall security posture and should be applied promptly to all WordPress 4.2 installations.