WordPress Release: 4.6.2

TL;DR

WordPress 4.6.2 is a maintenance and security release that addresses several important issues. It includes critical security updates to PHPMailer, improvements to database character set handling, HTTP request functionality, and media file handling. This release also enhances widget accessibility and fixes various bugs affecting media titles, theme display, and plugin updates.

This update is recommended for all WordPress sites to ensure security and stability. The release focuses primarily on behind-the-scenes improvements rather than new features, with security fixes being the most critical component.

Highlight of the Release

• Security update to PHPMailer to version 5.2.22
• Improved database character set handling with fallback from utf8mb4 to utf8
• Enhanced HTTP request functionality fixing multiple SSL and connection issues
• Better media title generation from filenames
• Added security nonce for widget accessibility mode
• Improved image filetype validation

Migration Guide

This maintenance and security release doesn't require any specific migration steps. The update process follows the standard WordPress update procedure:

1. Backup your site: Always create a complete backup of your files and database before updating.

2. Update through WordPress Dashboard:

   • Navigate to Dashboard > Updates
   • Click "Update Now"
   • Wait for the process to complete

3. Alternative manual update:

   • Download WordPress 4.6.2 from the WordPress.org website
   • Follow the manual update instructions in the WordPress Codex

No database schema changes are included in this release, so no additional steps are required after updating.

Upgrade Recommendations

Immediate upgrade is strongly recommended for all WordPress sites running version 4.6.1 or earlier.

This release contains critical security fixes, particularly to the PHPMailer library, which could affect the security of your WordPress installation. The bug fixes for database character set handling and HTTP requests also address important functionality issues that could impact site stability.

The update process is straightforward and should not cause any disruption to your site's functionality. As always, performing a backup before updating is recommended as a best practice.

Bug Fixes

• Database character set handling: Fixed an issue where using utf8mb4 on systems that don't support it would cause character set failures, now properly falling back to utf8.

• HTTP Requests library fixes:

  • Fixed connecting to SSL resources on ports other than 443
  • Fixed sending default ports in the Host: header
  • Fixed matching and decoding of chunked responses
  • Fixed SSL connections when verification is disabled
  • Added proper encoding handling with mbstring.func_overload

• Theme display issues: Fixed markup for theme name fallbacks.

• Mail functionality: Disabled wp-mail.php when mailserver_url is set to the default example value.

• Image filetype validation: Improved checking to properly validate image files and return appropriate values.

New Features

New Functions and Improvements

• New wp_get_image_mime() function: Added to improve image filetype validation using exif_imagetype() when available, falling back to getimagesize() for better performance and reduced dependency on GD.

• Enhanced media title generation: When uploading media files, the system now preserves spaces and creates cleaner, more accurate titles from filenames.

• Improved plugin data translation: Plugin information on the Updates screen is now properly translated.

Security Updates

• PHPMailer update to 5.2.22: Addresses security vulnerabilities in the mail handling system. This is a critical security update that all WordPress sites should apply.

• Widget accessibility mode security: Added nonce verification for widget accessibility mode to prevent potential CSRF attacks.

• Multisite signup security: Enhanced security in signup key creation by using wp_rand() for better randomization.

• Mail server configuration protection: Disabled wp-mail.php when the default example mail server URL is used, preventing potential misuse.

Performance Improvements

• Image processing optimization: Replaced getimagesize() with exif_imagetype() when available for image MIME type detection, which is more performant and reduces dependency on the GD library.

• HTTP request handling: Multiple improvements to the HTTP Requests library for better performance and reliability across different server configurations.

• Database character set handling: More efficient handling of character sets with proper fallback mechanisms, preventing connection issues and potential performance problems.

Impact Summary

WordPress 4.6.2 is primarily a security and maintenance release that addresses several important issues without introducing new features. The most significant impact comes from the security updates to PHPMailer, which protect sites from potential vulnerabilities.

For site administrators, the improved database character set handling ensures better compatibility across different MySQL configurations, particularly when utf8mb4 isn't supported. The HTTP request improvements fix several issues with SSL connections, chunked responses, and hostname verification, which enhances the reliability of external connections.

Content creators will benefit from improved media title generation and better image filetype validation. The changes to media titles are particularly helpful for maintaining clean, readable titles when uploading files with spaces in their names.

Developers will appreciate the more robust HTTP request handling and the new wp_get_image_mime() function, which provides better performance for image type detection.

Overall, this release focuses on behind-the-scenes improvements rather than user-facing features, with an emphasis on security, stability, and compatibility across different server environments.