HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

WordPress

>

Releases

>

4.8.18

WordPress Release: 4.8.18

Tag Name: 4.8.18

Release Date: 1/6/2022

View Release
WordPress LogoWordPress

World's most popular open-source content management system powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.

Open SourceBloggingWebsite Builder

TL;DR

WordPress 4.8.18 brings important security and bug fixes to the 4.8 branch

This maintenance release focuses on improving data sanitization in queries and fixing potential security vulnerabilities. Key improvements include better sanitization in WP_Tax_Query and WP_Meta_Query, avoiding unnecessary use of unserialize(), and fixing date/time handling to prevent race conditions. While this is a minor update in terms of new features, it addresses important security concerns that all WordPress 4.8.x users should apply.

Highlight of the Release

    • Improved security through better sanitization in WP_Tax_Query and WP_Meta_Query
    • Enhanced security by avoiding unnecessary use of unserialize()
    • Fixed encoding of ASCII characters in post slugs
    • Improved date/time handling to prevent race conditions in tests

Migration Guide

No specific migration steps are required for this update. This is a maintenance release that focuses on security improvements and bug fixes without introducing breaking changes to the WordPress 4.8 branch.

To update to WordPress 4.8.18:

  1. Back up your WordPress site (files and database)
  2. Update through the WordPress admin dashboard or download the update from wordpress.org
  3. Test your site functionality after the update

No changes to themes or plugins should be necessary as a result of this update.

Upgrade Recommendations

Priority: High

All users running WordPress 4.8.x are strongly encouraged to update to version 4.8.18 as soon as possible. This release contains important security fixes that address potential vulnerabilities in query sanitization and serialization handling.

While this is a maintenance release without feature additions, the security improvements make this an essential update for all WordPress 4.8 installations. The update process should be straightforward with minimal risk of compatibility issues.

For users on older branches, this update underscores the importance of keeping WordPress installations current with the latest supported versions to ensure ongoing security protection.

Bug Fixes

  • Date/Time Handling: Implemented delta comparison in get_gmt_from_date() tests to avoid race conditions that could cause intermittent test failures.

  • Post Slug Encoding: Fixed an issue with incorrect encoding of ASCII characters in post slugs, ensuring proper URL formatting and preventing potential issues with permalinks.

  • Query Sanitization: Addressed potential security issues by improving sanitization within both WP_Tax_Query and WP_Meta_Query classes, reducing the risk of SQL injection attacks.

New Features

No significant new features were introduced in this maintenance release. WordPress 4.8.18 focuses primarily on security improvements and bug fixes to the existing codebase.

Security Updates

  • Query Sanitization: Enhanced security by improving sanitization within WP_Tax_Query and WP_Meta_Query classes, reducing the risk of SQL injection vulnerabilities.

  • Serialization Security: Improved security by avoiding unnecessary use of unserialize() during upgrade and installation processes, reducing the risk of PHP object injection attacks.

  • Input Validation: Fixed encoding of ASCII characters in post slugs, preventing potential URL manipulation issues.

Performance Improvements

  • Serialization Handling: Improved performance and security by avoiding unnecessary use of unserialize() during upgrade and installation processes. This change reduces the risk of object injection attacks while potentially improving performance during these operations.

Impact Summary

WordPress 4.8.18 is a security-focused maintenance release that addresses several potential vulnerabilities in the WordPress core. By improving sanitization in taxonomy and meta queries, fixing serialization handling, and addressing date/time race conditions, this update strengthens the security posture of WordPress 4.8 installations.

The primary impact is enhanced protection against potential SQL injection and object injection attacks, which could otherwise be exploited by malicious actors. While these changes are largely invisible to end users, they represent important "under the hood" improvements that help maintain WordPress's security.

Site administrators should prioritize this update to ensure their WordPress installations remain protected against the addressed security concerns. The update is backward compatible and should not cause any disruption to existing functionality.

Statistics:

File Changed10
Line Additions48
Line Deletions19
Line Changes67
Total Commits4

User Affected:

  • Need to update their WordPress installations to ensure security vulnerabilities are patched
  • Will benefit from improved query sanitization that helps protect their sites from potential attacks
  • Should experience more reliable date/time handling in certain operations

Contributors:

SergeyBiryukovdesrosj