HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

WordPress

>

Releases

>

4.3.5

WordPress Release: 4.3.5

Tag Name: 4.3.5

Release Date: 6/21/2016

View Release
WordPress LogoWordPress

World's most popular open-source content management system powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.

Open SourceBloggingWebsite Builder

TL;DR

WordPress 4.3.5 is a security and maintenance release that addresses several important security vulnerabilities and bug fixes. This update focuses on improving security by properly escaping URLs and attachment names, enhancing permission checks for taxonomy and revision operations, and fixing issues with URL handling in the Customizer. The release is recommended for all WordPress sites to maintain security and stability.

Highlight of the Release

    • Security improvements for URL handling and escaping
    • Enhanced permission checks for taxonomy operations and revision diffs
    • Better handling of media files with extensionless filenames
    • Improved URL validation in the Customizer

Migration Guide

No specific migration steps are required for this update. WordPress 4.3.5 is a maintenance and security release that should not affect existing functionality or require changes to themes or plugins.

To update to WordPress 4.3.5:

  1. Back up your website files and database before updating
  2. Update through the WordPress admin dashboard or download the update package from wordpress.org
  3. Follow the standard WordPress update process

No additional configuration changes are needed after updating.

Upgrade Recommendations

This release contains important security fixes, so it is strongly recommended that all WordPress sites running version 4.3.x update to version 4.3.5 as soon as possible.

For sites running WordPress 4.4 or newer, these security fixes have likely been incorporated into those versions, but it's always best practice to run the latest version of WordPress available for your site.

The update process should be straightforward with no known compatibility issues. As always, backing up your site before updating is recommended as a precautionary measure.

Bug Fixes

  • Customizer: Fixed issues with preview and return URLs by ensuring they are valid URLs before processing
  • Media: Improved handling of extensionless filenames to prevent potential issues when uploading certain file types
  • Admin: Fixed inconsistent filtering of auth_redirect_scheme to ensure proper authentication redirects
  • Taxonomy: Addressed an issue with category data processing during post save operations by implementing more specific capability checks

New Features

No significant new features were introduced in this maintenance release. WordPress 4.3.5 focuses primarily on security enhancements and bug fixes to improve the stability and security of existing functionality.

Security Updates

  • Admin: Implemented proper escaping for attachment names containing special characters to prevent potential XSS vulnerabilities
  • Admin: Enhanced URL escaping for permalinks in admin screens to prevent potential security issues
  • Revisions: Changed the capability required to view revision diffs from a general capability to the more specific edit_post permission
  • Taxonomy: Implemented more specific capability checks when processing category data on post save to prevent unauthorized modifications

Performance Improvements

No specific performance improvements were included in this release. WordPress 4.3.5 primarily focuses on security enhancements and bug fixes rather than performance optimizations.

Impact Summary

WordPress 4.3.5 is primarily a security-focused maintenance release that addresses several important vulnerabilities and bugs. The security improvements focus on proper escaping of user-generated content and URLs, along with enhanced permission checks for various operations.

The changes in this release help protect WordPress sites from potential cross-site scripting (XSS) attacks by properly escaping attachment names and permalinks. It also improves the security model by implementing more specific capability checks for taxonomy operations and revision diffs, ensuring that only users with appropriate permissions can perform these actions.

For most users, this update will be transparent with no visible changes to functionality. However, the security enhancements provide important protection against potential vulnerabilities, making this an essential update for all WordPress 4.3.x sites.

This release demonstrates WordPress's ongoing commitment to security and stability through regular maintenance updates.

Statistics:

File Changed13
Line Additions52
Line Deletions24
Line Changes76
Total Commits9

User Affected:

  • Improved security when handling attachments with special characters
  • More consistent filtering of authentication redirect schemes
  • Enhanced URL escaping for permalinks in admin screens

Contributors:

jeremyfeltocean90boonebgorgesnbrachelbakerjoemcgillaaronjorbin