WordPress Release: 4.7.18

TL;DR

WordPress 4.7.18 is a maintenance release that addresses several important issues across different areas of the platform. This update focuses on security improvements, bug fixes, and enhancements to core functionality including embeds, editor, formatting, themes, and administration. The release backports several commits to ensure that the 4.7 branch remains secure and stable.

Highlight of the Release

• Enhanced security with improved redirect validation in wp_validate_redirect()
• Fixed embed functionality to ensure title attributes are set correctly
• Added new filter hook to extend set-screen-option functionality
• Improved editor context to prevent unwanted HTML decoding
• Better handling of broken theme names

Migration Guide

No migration steps are required for this maintenance release. WordPress 4.7.18 is a backward-compatible update that can be safely applied to existing WordPress 4.7.x installations.

Upgrade Recommendations

Immediate Upgrade Recommended

All WordPress sites running version 4.7.x should upgrade to version 4.7.18 immediately. This release contains important security enhancements and bug fixes that improve the stability and security of your WordPress installation.

Note that WordPress 4.7.x is an older branch of WordPress. If possible, sites should consider upgrading to the latest major version of WordPress for access to the most recent features, security updates, and performance improvements.

Bug Fixes

Embed Improvements

Fixed an issue where title attributes were not being set correctly on embeds, ensuring proper accessibility and user experience when embedding content.

Editor Fixes

Resolved an HTML decoding issue by setting the proper editor context, preventing unwanted character transformations when editing content.

Theme Handling

Fixed a bug where broken theme names weren't being returned properly, improving error handling and providing better feedback when theme issues occur.

Formatting Enhancements

Improved the wp_validate_redirect() function to sanitize a wider variety of characters, enhancing security when handling redirects.

New Features

New Filter for Screen Options

A new filter hook has been added to extend the set-screen-option functionality in the WordPress administration area. This enhancement gives developers more control over screen options and how they're saved, allowing for more customized admin experiences.

Security Updates

Enhanced Redirect Validation

The wp_validate_redirect() function has been improved to sanitize a wider variety of potentially dangerous characters. This enhancement helps prevent redirect-based attacks by ensuring that redirects are properly validated before being processed, reducing the risk of malicious redirects.

Performance Improvements

No specific performance improvements were highlighted in this maintenance release. The focus was primarily on security enhancements, bug fixes, and functionality improvements.

Impact Summary

WordPress 4.7.18 is a security and maintenance release that addresses several important issues across the platform. The update improves security through enhanced redirect validation, fixes bugs in embeds and the editor, and adds new developer capabilities through an additional filter hook.

While this is a relatively small update (95 changes across 7 files), it addresses important functionality and security concerns that affect core WordPress operations. The security improvements to redirect validation are particularly important as they help prevent potential redirect-based attacks.

For sites still running on the 4.7.x branch, this update is essential to maintain security and stability. However, site owners should also consider upgrading to the latest major WordPress version for comprehensive security coverage and access to newer features.