WordPress Release: 4.7.4

TL;DR

WordPress 4.7.4 is a maintenance and security release that addresses 47 bugs and enhances performance across the platform. Key improvements include fixes to the REST API, Customizer, media handling, and Twenty Seventeen theme. This release focuses on improving stability, fixing regressions from previous versions, and enhancing the developer experience with better testing tools.

This update is recommended for all WordPress 4.7.x users as it addresses several important issues that could affect site functionality and security.

Highlight of the Release

• Fixed REST API issues including adding timezone information and allowing multiple users/terms fetching via slug parameter
• Improved Customizer experience with better navigation, section expansion, and validation
• Enhanced media handling with better MIME type detection and fixes for audio/video functions
• Added performance improvements for multisite installations and media library queries
• Fixed Twenty Seventeen theme issues with heading hierarchy and jQuery dependency

Migration Guide

No specific migration steps are required for this update. This is a maintenance and bug fix release that should be compatible with existing WordPress 4.7.x installations.

However, if you've built custom code that interacts with the REST API, you may want to review the following changes:

1. The base /wp-json response now includes gmt_offset and timezone_string properties
2. The REST API now supports fetching multiple users or terms at once via the slug parameter
3. Missing REST API properties have been added to WP_Taxonomy and WP_Post_Type classes

If you've been experiencing issues with term relationships and caching, note that term query caches are now properly invalidated when setting or deleting term relationships.

Upgrade Recommendations

This update is recommended for all WordPress 4.7.x users. WordPress 4.7.4 contains important bug fixes and security enhancements that improve the stability and performance of your site.

The update addresses 47 bugs across various components of WordPress, including the REST API, Customizer, media handling, and the Twenty Seventeen theme. It also includes performance improvements for multisite installations and media library queries.

As with any WordPress update, it's recommended to:

1. Back up your website before updating
2. Update all themes and plugins to their latest versions
3. Test your site functionality after the update

If you're running an earlier version of WordPress (4.6.x or earlier), consider updating to the latest version of WordPress for the most current features and security improvements.

Bug Fixes

REST API Fixes

• Fixed formatting of $taxonomies parameter of 'wp_get_object_terms' filter
• Fixed issue with parent post object validation for attachments
• Fixed date handling for draft posts using get_gmt_from_date() to prevent DST issues
• Added missing REST API properties to WP_Taxonomy and WP_Post_Type classes

Customizer Fixes

• Fixed navigation of site in preview on IE11 for both HTTP and HTTPS
• Fixed failure to collapse expanded sections and panels that become deactivated
• Fixed reversal of nav menu item's type and object properties for page stubs
• Fixed behavior when clicking Delete Menu link and kept available nav menu items panel open during bulk deletion
• Fixed validation issues where client-side validation was being cleared incorrectly
• Fixed selective refresh when customizing the 404 template
• Used get_user_locale() in customizer body class for proper localization
• Fixed handling of history.replaceState in IE9
• Prevented links to customize.php from having removable query vars
• Hardened site_icon control template to account for missing full image size
• Used is_header_video_active() as active_callback for external_header_video control
• Trailingslashed the home nav menu item URL in starter content to prevent redirect issues

Media Fixes

• Improved handling of non-image files in wp_get_image_mime()
• Fixed broken audio/video functions when sanitizing ID3 data
• Ensured Crop Image button is always visible in the media modal

UI/UX Fixes

• Fixed minor misalignments caused by the button-link CSS class
• Fixed the Tag suggestions position on the Bulk Edit textarea

Theme Fixes

• Twenty Seventeen: Corrected heading hierarchy for posts on the front page
• Twenty Seventeen: Declared jQuery as a dependency for navigation.js
• Twenty Seventeen: Used esc_attr_e() for translatable strings in HTML attributes

Other Fixes

• Fixed term query caches invalidation when setting or deleting term relationships
• Fixed multisite cache invalidation for option updates
• Ensured PasswordHash class is only loaded once
• Fixed list table checkbox range selection

New Features

REST API Enhancements

• Added gmt_offset and timezone_string to the base /wp-json response, providing important timezone information for API clients
• Added support for fetching multiple users at once via the slug parameter
• Added support for fetching multiple terms at once via the slug parameter

Theme Improvements

• Added filter theme_scandir_exclusions for excluding directories from being scanned for template files
• Excluded 'node_modules' directories from paths searched in WP_Theme::scandir()

Media Library Enhancements

• Added filters to allow overriding slow media queries that perform full table scans

Build/Test Tools Improvements

• Added assertNotFalse() method to WP_UnitTestCase for better testing capabilities

Security Updates

Authentication and Security

• Fixed an issue with cookie handling on multisite installations that could potentially lead to authentication problems
• Avoided a potentially incorrect value for the cookie hash on multisite installations that don't have a value in the siteurl network option
• Updated TinyMCE to version 4.5.6, which includes security fixes

Performance Improvements

Build/Test Tools Performance

• Disabled Xdebug when testing on Travis to increase performance
• Reversed the order in which Travis jobs run to prioritize faster test jobs
• Updated Travis configuration to use the node version specified in package.json
• Improved PHPUnit version handling for different PHP versions

Media Library Performance

• Added filters to allow overriding slow media queries that perform full table scans of attachment posts

Multisite Performance

• Improved multisite cache invalidation by handling it more granularly for option updates
• Prevented unnecessary invalidation of a site's entire cache when only specific options change

Impact Summary

WordPress 4.7.4 is a significant maintenance release that addresses 47 bugs and enhances performance across multiple areas of the platform. The update focuses on improving stability, fixing regressions from previous versions, and enhancing the developer experience.

Key improvements include:

1. REST API Enhancements: Added timezone information to the base response and support for fetching multiple users/terms via slug parameter, making the API more robust and flexible for developers.

2. Customizer Improvements: Fixed numerous issues with navigation, validation, and UI behavior, particularly addressing problems in IE11 and improving the user experience.

3. Performance Optimizations: Enhanced multisite cache invalidation, improved test performance, and added filters to override slow media queries.

4. Media Handling: Fixed MIME type detection, audio/video function issues with ID3 data, and ensured the Crop Image button is always visible.

5. Twenty Seventeen Theme Fixes: Corrected heading hierarchy, added proper jQuery dependency, and improved attribute escaping.

This release demonstrates WordPress's commitment to maintaining backward compatibility while addressing bugs and improving performance. The changes are particularly beneficial for site administrators managing multisite installations, content creators working with media, and developers building with the REST API.