WordPress Release: 5.0.21

TL;DR

WordPress 5.0.21 brings important security and functionality improvements to the 5.0 branch

This maintenance release focuses on two key areas: optimizing the installation process by improving option serialization and enhancing security by adding ZIP archive verification. Additionally, it backports PHP string function polyfills for better compatibility with older PHP versions. These changes primarily benefit site administrators and developers working with WordPress 5.0.x installations, providing more reliable and secure operations without introducing breaking changes.

Highlight of the Release

• Improved option serialization during installation process
• Enhanced security with ZIP archive verification
• Backported polyfills for PHP string functions (str_ends_with() and str_starts_with())

Migration Guide

No specific migration steps are required for this maintenance release. WordPress 5.0.21 is a backward-compatible update to the 5.0 branch that can be applied through the standard WordPress update process.

If you're developing plugins or themes that interact with the WordPress installation process or file upload system, you may want to review your code to ensure compatibility with the improved option serialization and ZIP verification features.

Upgrade Recommendations

It is strongly recommended that all WordPress 5.0.x users upgrade to version 5.0.21 as soon as possible due to the security improvements included in this release.

While WordPress 5.0 is no longer the current major version (WordPress 6.x is the latest major release), this maintenance update provides important security enhancements for sites that haven't yet upgraded to newer major versions.

The update process follows the standard WordPress update procedure and should not cause any disruption to your site's functionality.

Bug Fixes

Installation Process Improvements

Fixed an issue in the installation process where options were always being serialized regardless of whether serialization was necessary. The update now uses maybe_serialize() instead of always serializing options, which:

• Prevents unnecessary serialization of data
• Improves data consistency during installation
• Reduces potential issues with option retrieval after installation

New Features

Backported PHP String Function Polyfills

WordPress 5.0.21 introduces polyfills for two PHP string functions:

• str_ends_with(): Checks if a string ends with a given substring
• str_starts_with(): Checks if a string starts with a given substring

These polyfills improve compatibility with older PHP versions that don't natively support these functions, allowing developers to use modern string handling techniques regardless of the PHP version running on the server.

Security Updates

Enhanced ZIP Archive Verification

This release adds important security improvements to the file upload system:

• Added verification checks specifically for ZIP archives
• Implemented additional validation to ensure uploaded ZIP files meet security requirements
• Reduced the risk of malicious ZIP files being uploaded to WordPress sites

This enhancement helps protect sites from potential security vulnerabilities related to ZIP file uploads, which could otherwise be exploited by malicious actors.

Performance Improvements

Option Serialization Optimization

The change from always serializing options to using maybe_serialize() during installation provides a minor performance improvement by:

• Avoiding unnecessary serialization operations
• Reducing processing overhead during the installation process
• Storing data in a more efficient format when serialization isn't required

Impact Summary

WordPress 5.0.21 is a targeted maintenance release that addresses specific security and functionality concerns in the 5.0 branch. The changes focus on improving the installation process through better option serialization and enhancing security with ZIP archive verification.

The addition of polyfills for PHP string functions improves compatibility across different PHP versions, which is particularly valuable for sites running on older server environments. These changes collectively make WordPress 5.0 installations more secure and reliable without introducing breaking changes.

While this is a maintenance release for an older branch of WordPress, the security improvements make it an important update for any sites still running WordPress 5.0.x. Site administrators should prioritize this update to benefit from the enhanced security measures, particularly the improved ZIP file verification that helps protect against potential upload vulnerabilities.