WordPress Release: 4.9.2

TL;DR

WordPress 4.9.2 is a security and maintenance release addressing 21 bugs from WordPress 4.9.1. Key fixes include taxonomy-related function regressions, widget improvements, REST API authentication handling, and media library enhancements. This update also improves PHP 7 compatibility and updates the copyright year to 2018.

This release is important for all WordPress users as it fixes several regressions introduced in 4.9, improves security with proper REST API authentication handling, and enhances overall stability. Site owners should update immediately to ensure proper functionality and security.

Highlight of the Release

• Fixed taxonomy-related function regressions from WordPress 4.9
• Improved REST API authentication handling with proper status codes
• Enhanced widget functionality and fixed Customizer issues
• Added FLAC audio file support to the media library
• Improved PHP 7 compatibility with mysqli database connections

Migration Guide

No specific migration steps are required for this maintenance release. WordPress 4.9.2 is a backward-compatible update that fixes bugs and improves security.

After updating, site administrators should:

1. Test any custom themes or plugins that rely on taxonomy functions to ensure they work correctly with the fixed functions
2. Review any custom widgets to ensure they function properly with the widget-related fixes
3. Check media playback if you use audio files, especially if you plan to use the newly supported FLAC format

If you encounter any issues after updating, check the WordPress support forums for assistance.

Upgrade Recommendations

Immediate Update Recommended

WordPress 4.9.2 is a security and maintenance release that addresses 21 bugs from WordPress 4.9.1. All WordPress users should update immediately to benefit from these fixes and security improvements.

The update is particularly important for:

• Sites using custom themes that rely on taxonomy functions
• Sites with complex widget configurations
• Sites using REST API endpoints with custom permission callbacks
• Sites running on PHP 7

This is a minor update focused on bug fixes and security improvements, so the risk of update-related issues is minimal compared to the benefits of applying these fixes.

Bug Fixes

Taxonomy Function Fixes

Several taxonomy-related functions have been fixed to restore backward compatibility that was broken in WordPress 4.9:

• get_category_link() no longer does a strict taxonomy check, allowing it to work with non-category taxonomies as it did before 4.9
• get_tag_link() has been simplified to be a wrapper around the now taxonomy-agnostic get_category_link()
• get_the_category_by_ID() is now explicitly taxonomy-agnostic for backward compatibility
• category_description() has been restored to its previous behavior, with the $taxonomy parameter now deprecated
• term_description() signature has been updated to restore a deprecated argument

Widget Improvements

• Fixed a bug where widget mapping logic would try mapping empty sidebars, resulting in PHP warnings
• Fixed widget assignment restoration during theme switching
• Corrected an issue with the Custom HTML widget where the Save button wasn't properly enabled/disabled
• Fixed a 1px height increase when changing nav menu location assignment checkboxes

Editor Fixes

• Fixed TinyMCE editor width determination when in inline mode
• Added fallback titles for posts with no title in link suggestions
• Fixed a bug in Firefox when there is no selection for a hidden element

REST API Fixes

• Fixed authentication handling to return proper status codes (401) when permission callbacks fail due to users not being logged in
• Updated unit tests to expect correct status codes in error responses

Other Fixes

• Fixed the plugin details modal in the install plugin search tab
• Improved line wrapping in feature filter on Theme Install screen and in the Customizer
• Brought consistency to getimagesize() error suppression
• Removed unnecessary/obsolete MediaElement.js files
• Fixed the plugin details modal "Close" button
• Removed formatting and texturization on author bios for backward compatibility
• Removed an unnecessary comment in Twenty Seventeen's front-page.php

New Features

Added FLAC Audio Support

WordPress 4.9.2 adds FLAC (Free Lossless Audio Codec) to the list of allowed file types in the media library. This allows users to upload and use high-quality lossless audio files in their WordPress sites.

Improved Database Connectivity

The update now makes WordPress use mysqli when available, even on PHP versions below 5.5, instead of only in PHP 5.5+ and development installs. This provides better database connectivity and performance while maintaining backward compatibility with a fallback to mysql if needed.

Security Updates

REST API Authentication

WordPress 4.9.2 fixes an important security issue with REST API authentication handling. The update ensures proper status codes (401) are returned when permission callbacks fail due to users not being logged in, improving security by correctly handling authentication failures.

PHP Compatibility

The update addresses PHP linting errors in the Random_Compat library under PHP 7, improving compatibility and security when running WordPress on newer PHP versions.

Performance Improvements

Database Performance

The update improves database connectivity by using mysqli when available, even on PHP versions below 5.5. This can provide better performance and security compared to the older mysql extension.

File Handling During Updates

When deleting old files during WordPress updates, if deletion fails, the system will now attempt to empty the file instead. This helps ensure smoother updates even when file permissions might be restrictive.

Impact Summary

WordPress 4.9.2 delivers significant improvements to stability and security across multiple areas of the platform. The release fixes several regressions introduced in WordPress 4.9, particularly around taxonomy functions that affected theme developers and site functionality.

The security improvements to REST API authentication handling ensure proper responses for unauthenticated requests, which is critical for sites using custom REST API endpoints. Database connectivity enhancements with mysqli support improve both security and performance.

For content creators, fixes to the editor, link suggestions, and author bio handling restore expected behavior and improve the content creation experience. Site administrators will benefit from improved widget handling, better file management during updates, and enhanced theme feature filtering.

The addition of FLAC audio support expands media capabilities, while the removal of unnecessary MediaElement.js files helps reduce bloat. Overall, this maintenance release strengthens WordPress 4.9's foundation by addressing key regressions and enhancing security and compatibility.