WordPress Release: 4.5.25
Tag Name: 4.5.25
Release Date: 1/6/2022
WordPress
World's most popular open-source content management system powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.
TL;DR
WordPress 4.5.25 brings important security and bug fixes to the 4.5 branch
This maintenance release focuses on security improvements through better sanitization in query components and safer data handling. It addresses potential vulnerabilities in WP_Tax_Query and WP_Meta_Query, improves how unserialize() is used during upgrades, and fixes encoding issues with post slugs. Additionally, it resolves a timing-related bug in GMT date handling tests. This update is recommended for all WordPress 4.5.x installations to maintain security and stability.
Highlight of the Release
- Enhanced security through improved sanitization in WP_Tax_Query and WP_Meta_Query
- Safer data handling by avoiding unnecessary use of unserialize()
- Fixed encoding of ASCII characters in post slugs
- Resolved timing-related issues in GMT date conversion tests
Migration Guide
No migration steps are required for this maintenance release. WordPress 4.5.25 is a backward-compatible update focused on security improvements and bug fixes.
Upgrade Recommendations
It is strongly recommended that all WordPress sites running on the 4.5 branch update to version 4.5.25 as soon as possible. This release contains important security fixes that help protect your site from potential vulnerabilities.
While WordPress 4.5 is an older branch and no longer receives regular updates, sites still running this version should apply this security update while planning to upgrade to a more recent, fully-supported WordPress version.
Bug Fixes
- Date/Time Handling: Implemented delta comparison in get_gmt_from_date() tests to avoid race conditions that could cause intermittent test failures.
- Post Slug Generation: Fixed an issue with ASCII character encoding in post slugs, ensuring proper URL formatting for posts with special characters.
- Test Stability: Resolved timing-related issues in GMT date conversion tests that could lead to inconsistent test results.
New Features
No new features were introduced in this maintenance release. WordPress 4.5.25 focuses on security improvements and bug fixes for the 4.5 branch.
Security Updates
- Query Sanitization: Improved sanitization within WP_Tax_Query to prevent potential security vulnerabilities related to taxonomy queries.
- Meta Query Protection: Enhanced sanitization within WP_Meta_Query to better protect against potential injection attacks.
- Safer Data Handling: Modified the upgrade/installation process to avoid using unserialize() unnecessarily, reducing the risk of object injection vulnerabilities.
These security improvements help protect WordPress sites from potential attacks that could exploit these components.
Performance Improvements
No specific performance improvements were highlighted in this release. The changes were primarily focused on security enhancements and bug fixes rather than performance optimizations.
Impact Summary
WordPress 4.5.25 is a security-focused maintenance release that addresses several potential vulnerabilities and fixes bugs in the 4.5 branch. The primary impact is improved security through better sanitization in query components (WP_Tax_Query and WP_Meta_Query) and safer data handling during upgrades by avoiding unnecessary use of unserialize().
The release also fixes encoding issues with ASCII characters in post slugs, ensuring proper URL formatting, and resolves timing-related issues in GMT date conversion tests. While this update doesn't introduce new features or significant changes to functionality, it's an important security update for sites still running WordPress 4.5.
Site administrators should apply this update promptly to protect their installations from potential security risks, even as they plan to upgrade to more recent, fully-supported WordPress versions.
