WordPress Release: 4.4.2

TL;DR

WordPress 4.4.2 is a security and maintenance release that addresses several important bugs and security vulnerabilities from WordPress 4.4.1. This update includes fixes for comment pagination and threading issues, canonical redirect problems, multisite network caching, and security improvements for HTTP redirects and IP validation. The release also resolves issues with emoji rendering, taxonomy term caching, and search query handling.

This maintenance release is recommended for all WordPress sites running version 4.4.1 or earlier, with particular importance for multisite installations and sites with heavy comment usage.

Highlight of the Release

• Security improvements for HTTP redirects and IP validation
• Fixed multiple issues with comment pagination and threading
• Resolved canonical redirect problems that caused excessive redirects
• Fixed search query handling with long search strings
• Improved multisite network caching

Migration Guide

No specific migration steps are required when updating from WordPress 4.4.1 to 4.4.2. This is a standard maintenance release that can be applied through the WordPress automatic update system or by downloading the update and following the standard WordPress update procedure.

If you're using custom code that interacts with comments, particularly code that relies on comment pagination or hierarchical comment queries, you may want to test your functionality after updating to ensure everything works as expected with the fixes included in this release.

Upgrade Recommendations

It is strongly recommended that all WordPress sites running version 4.4.1 or earlier update to version 4.4.2 as soon as possible. This release includes important security fixes and bug fixes that improve the stability and security of your WordPress installation.

The update is particularly important for:

• Sites with heavy comment usage
• Multisite installations
• Sites using custom comment pagination or threading
• Sites with search functionality that handles long search queries

WordPress 4.4.2 can be downloaded from the WordPress.org website or updated directly from your WordPress dashboard.

Bug Fixes

Comment System Fixes

• Fixed an issue where wp_list_comments() would ignore custom pagination arguments
• Resolved a bug where explicitly passed $comments array to wp_list_comments() was being ignored
• Fixed comment descendant queries to properly inherit filter modifications
• Improved comment pagination calculation when comment threading is disabled
• Fixed hierarchical comment queries when comment threading is disabled

Query and Canonical Redirect Fixes

• Restored the is_404() check in wp_old_slug_redirect() to prevent excessive canonical redirects
• Fixed invalid SQL generation when building ORDER BY clauses with long search strings
• Ensured proper handling of negative search terms in queries

Taxonomy and Term Fixes

• Fixed term caching by properly cloning term objects before modification
• Ensured IPTC keywords in image metadata are properly UTF-8 encoded

UI and Interaction Fixes

• Fixed an issue in Quick Edit on taxonomy screens that caused page reloads when pressing Enter
• Prevented users from being erroneously directed to the login screen when closing the Customizer
• Improved the display of the "Clear Inactive Widgets" button to only show after the sidebar with inactive widgets

Multisite Fixes

• Fixed the networks cache group to be properly set as global
• Added the global cache group networks to restore_current_blog()

New Features

No significant new features were introduced in this maintenance release. WordPress 4.4.2 focuses on bug fixes and security improvements to enhance the stability and security of the 4.4 branch.

Security Updates

• Improved validation of URLs used in HTTP redirects to prevent potential security issues
• Enhanced IP validation to correctly identify invalid IP addresses (e.g., 0.1.2.3)
• Modified the emoji script to work around mod_security rules that could prevent pages with multiple instances of String.fromCharCode() from being served
• Fixed issues with the Random_Compat library to ensure proper compatibility with PHP versions and libsodium

Performance Improvements

• Improved comment query performance by avoiding unnecessary hierarchical queries when comment threading is disabled
• Enhanced term object caching with proper cloning of term objects
• Fixed issues with the WP_Comment_Query SQL generation that could lead to inefficient queries

Impact Summary

WordPress 4.4.2 is primarily a security and maintenance release that addresses several important issues in the 4.4 branch. The most significant impacts include:

1. Enhanced Security: Improved validation for HTTP redirects and IP addresses helps protect sites from potential security vulnerabilities.

2. Fixed Comment System: Multiple fixes to the comment system resolve issues with pagination, threading, and hierarchical queries that could affect sites with active comment sections.

3. Improved Canonical Redirects: The restoration of the is_404() check in wp_old_slug_redirect() prevents excessive redirects that were causing problems for some sites.

4. Better Search Handling: Fixed issues with search queries using long search strings that could result in invalid SQL.

5. Multisite Improvements: Enhanced network caching for multisite installations ensures proper functionality across network sites.

6. Emoji Compatibility: Worked around mod_security rules that could prevent pages with multiple emoji from loading properly.

These changes collectively improve the stability, security, and performance of WordPress 4.4 without introducing any breaking changes or requiring special migration steps.