WordPress Release: 4.4.32

TL;DR

WordPress 4.4.32 is a maintenance and security release that addresses important issues in the core platform. This update improves installation processes by optimizing option serialization, enhances security by adding ZIP archive verification, and backports PHP string function polyfills for better compatibility with older PHP versions. These changes ensure WordPress 4.4 branch remains stable and secure for sites still running this version.

Highlight of the Release

• Improved installation process with optimized option serialization
• Enhanced security with ZIP archive verification for uploads
• Added polyfills for PHP string functions str_ends_with() and str_starts_with()

Migration Guide

No specific migration steps are required for this maintenance release. This is a backward-compatible update that focuses on security and bug fixes.

It is recommended to backup your site before updating, as with any WordPress update. After updating, verify that your site functions normally, especially if you use custom plugins that interact with file uploads or the WordPress installation process.

Upgrade Recommendations

This release contains important security enhancements and bug fixes. All WordPress 4.4 users should update to version 4.4.32 as soon as possible.

While WordPress 4.4 is an older branch and newer major versions are available, sites still running WordPress 4.4 should apply this update to maintain security and stability.

For optimal security and features, consider upgrading to the latest WordPress major version when possible.

Bug Fixes

Installation Process

• Fixed option serialization during installation
• Now using maybe_serialize() instead of always serializing options
• Prevents potential issues with option data handling
• Improves consistency in how options are stored during setup

Upload Handling

• Added verification for ZIP archives during uploads
• Improves security by validating ZIP file integrity
• Helps prevent malformed or malicious ZIP files from being processed

New Features

Polyfills for PHP String Functions

• Added polyfills for str_ends_with() and str_starts_with() PHP functions
• Improves compatibility with various PHP versions
• Backported from newer WordPress versions ([52040], [56016], and [56015])
• Allows developers to use these string functions regardless of PHP version

Security Updates

Enhanced Upload Security

• Added verification for ZIP archives during the upload process
• Helps prevent potential security issues with malformed or malicious ZIP files
• Validates file integrity before processing uploaded archives
• Reduces risk of security exploits through file uploads

Performance Improvements

Option Handling Optimization

• Improved option serialization during installation process
• Using conditional serialization (maybe_serialize()) instead of forced serialization
• Reduces unnecessary processing when storing options
• Ensures data is stored in the most appropriate format

Impact Summary

WordPress 4.4.32 is a targeted maintenance release that enhances security and stability for sites still running the 4.4 branch. The improvements to ZIP file verification directly address potential security vulnerabilities in the upload process, making this an important update for all WordPress 4.4 sites.

The optimization of option serialization during installation improves system consistency and prevents potential issues with data handling. While this primarily affects new installations, it contributes to the overall stability of the platform.

The addition of polyfills for PHP string functions improves compatibility across different PHP versions, which is particularly valuable for sites running on varied hosting environments. This ensures consistent functionality regardless of the underlying PHP version.

Overall, this release demonstrates WordPress's commitment to maintaining security and stability even for older branches, providing critical updates for sites that haven't yet upgraded to newer major versions.