WordPress Release: 4.6.10

TL;DR

WordPress 4.6.10 brings important maintenance updates focusing on file handling during upgrades and cleanup of obsolete MediaElement.js files. This release addresses two specific issues: improving the upgrade process when file deletion fails and removing unnecessary media library files to enhance security and reduce bloat.

Highlight of the Release

• Improved upgrade process reliability by implementing fallback file handling when deletion fails
• Enhanced security posture by removing unnecessary MediaElement.js files
• Fixed two specific bugs related to file handling and external libraries

Migration Guide

No specific migration steps are required for this update. This is a standard maintenance release that can be applied through the normal WordPress update process.

As always, it's recommended to:

1. Back up your WordPress site before updating
2. Update through the WordPress admin dashboard or via your preferred method
3. Test your site functionality after the update is complete

Upgrade Recommendations

This update is recommended for all WordPress 4.6.x users as it addresses important file handling issues during upgrades and removes unnecessary files that could pose security risks.

While WordPress 4.6.x is no longer receiving active development (current version is 6.x), sites still running 4.6.x should apply this update for improved stability and security. However, for optimal security and features, upgrading to the latest WordPress major version is strongly encouraged.

Bug Fixes

Upgrade Process Improvements

Fixed an issue where the WordPress upgrade process could fail when attempting to delete old files. Now, if file deletion fails (often due to permission issues), WordPress will attempt to empty the file instead, allowing the upgrade to continue successfully. This addresses ticket #42963.

MediaElement.js Cleanup

Removed unnecessary and obsolete MediaElement.js files from the WordPress core. These files were no longer needed and their removal helps reduce potential security vulnerabilities while cleaning up the codebase. This addresses ticket #42720.

New Features

No new features were introduced in this maintenance release. WordPress 4.6.10 focuses exclusively on bug fixes and security improvements.

Security Updates

The removal of unnecessary and obsolete MediaElement.js files helps improve the security posture of WordPress installations by reducing the attack surface. While not addressing a specific vulnerability, this proactive cleanup removes code that could potentially be targeted in the future.

Performance Improvements

This release includes minor performance improvements through the removal of unnecessary MediaElement.js files, which slightly reduces the WordPress core footprint. However, no significant performance optimizations were specifically targeted in this maintenance release.

Impact Summary

WordPress 4.6.10 is a targeted maintenance release that improves the robustness of the WordPress upgrade process and enhances security through code cleanup. The impact is primarily positive for site administrators, particularly those who have experienced upgrade failures due to file permission issues in the past.

The changes to the upgrade process make WordPress more resilient when operating in environments with restrictive file permissions, which is especially valuable for sites hosted on shared hosting platforms or with strict security configurations.

The removal of unnecessary MediaElement.js files represents WordPress's ongoing commitment to security through code reduction and maintenance, following the principle that removed code cannot contain vulnerabilities.

Overall, while modest in scope, this release demonstrates WordPress's commitment to maintaining even older branch versions with important stability and security improvements.