WordPress Release: 4.6.1

TL;DR

WordPress 4.6.1 is a security and maintenance release that addresses several critical bugs and security vulnerabilities from the 4.6 version. This update fixes issues with email sending, database character set handling, HTTP requests, and file upload security. It also resolves various UI and functionality issues in the editor, comments system, and post thumbnails preview.

This release is important for all WordPress site owners as it patches security vulnerabilities related to file uploads and improves stability across multiple core components. The update is recommended for all WordPress installations to ensure proper functionality and security.

Highlight of the Release

• Security fixes for file upload handling to prevent potential vulnerabilities
• Fixed email sending issues that could cause failures on some server environments
• Resolved database character set handling problems for better compatibility
• Improved HTTP request handling to fix various edge cases and warnings
• Fixed editor issues including jumpiness in Text mode and RTL toolbar alignment

Migration Guide

No specific migration steps are required when updating from WordPress 4.6 to 4.6.1. This is a maintenance and security release that should be applied through the standard WordPress update process:

1. Back up your WordPress site (files and database) before updating
2. Update through the WordPress admin dashboard (Dashboard → Updates)
3. Alternatively, download the update from wordpress.org and perform a manual update

If you were experiencing any of the specific issues mentioned in the bug fixes section, those should be resolved after updating to 4.6.1 without requiring additional configuration.

Upgrade Recommendations

Immediate Upgrade Recommended

This release contains important security fixes that address vulnerabilities in file upload handling. All WordPress users should update to version 4.6.1 immediately.

The update also fixes several critical bugs that could affect site functionality, including:

• Email sending issues
• Database character set handling
• HTTP request processing
• Editor functionality

This is a maintenance release compatible with existing WordPress 4.6 installations, and the update process should be smooth for most users. As always, backing up your site before updating is recommended as a best practice.

Bug Fixes

Email Functionality

• Fixed an issue in wp_mail() where setting the From header would also set the Sender field, causing emails to fail on some server environments

HTTP and Requests Library

• Updated Requests library to fix a logic inversion in cURL transport checks
• Fixed handling of non-string values in cookies, resolving a regression since 4.5
• Resolved an edge case in URI parsing where double slashes at the start of a path would cause malformed URLs to be passed to cURL

Database Handling

• Fixed undefined variable issues in wpdb::init_charset()
• Improved handling of unsupported character sets to prevent failures on incorrectly configured sites
• Added a check to ensure mysqli_set_charset() succeeds before proceeding

Editor and UI

• Fixed jumpiness when pressing backspace and delete in the Text editor
• Fixed toolbar alignment in RTL languages
• Updated the default font for Vietnamese (vi) locale to match the Hebrew (he_IL) font stack
• Fixed the <link> tag closure in wp_resource_hints()

Post and Comment Functionality

• Fixed an issue where post thumbnail previews would spill into other images
• Prevented error objects from being stored in cache in is_object_in_term()
• Fixed issues with comment descendant queries

System and Bootstrap

• Added a check for the existence of ini_get_all() before calling it, working around hosts that disable this function
• Fixed parameter handling in upgrade hooks after translation updates

External Libraries

• Updated minified version of jquery.masonry.js and added it to the grunt minification process

New Features

No significant new features were added in this maintenance release. WordPress 4.6.1 focuses on fixing bugs, addressing security vulnerabilities, and improving stability from the 4.6 release.

Security Updates

Critical Security Fixes

• File Upload Security: Sanitized file names in File_Upload_Upgrader to prevent potential security vulnerabilities during file uploads

• Media Upload Security: Improved sanitization of upload filenames in the media library to address security concerns

• HTTP Request Handling: Fixed issues in the Requests library that could potentially lead to malformed URLs being processed

These security fixes address vulnerabilities that could potentially be exploited by malicious actors. All WordPress users are strongly encouraged to update to version 4.6.1 immediately to protect their sites.

Performance Improvements

This release includes minor performance improvements:

• Better handling of database character sets, preventing unnecessary fallbacks and connection issues
• Improved cURL transport checks in the Requests library to avoid warnings and ensure proper functionality
• Fixed caching issues in is_object_in_term() to prevent error objects from being stored in cache
• More efficient handling of HTTP requests with proper URL formatting

Impact Summary

WordPress 4.6.1 is primarily a security and maintenance release that addresses several important issues from the 4.6 version. The most significant impact comes from the security fixes related to file upload handling, which protect sites from potential vulnerabilities.

The release also resolves several functional issues that were affecting users in specific environments:

1. Sites experiencing email delivery problems due to the Sender field configuration will now have proper email functionality.
2. Users with specific database character set configurations will see improved stability and compatibility.
3. Content creators will benefit from fixes to the editor, including resolved issues with text editing jumpiness and RTL toolbar alignment.
4. Administrators will see fewer warnings and errors related to HTTP requests and system functions.

Overall, this release improves the security, stability, and compatibility of WordPress 4.6 without introducing breaking changes or requiring significant adaptation from users or developers.