WordPress Release: 5.1.11

TL;DR

WordPress 5.1.11 is a security and maintenance release that updates the Lodash dependency to version 4.17.21, addressing potential security vulnerabilities. The update also includes improvements to the Block Editor by disabling certain attributes for rich text and implementing deterministic module IDs in the webpack configuration for better build consistency. This release is important for maintaining the security and stability of WordPress 5.1.x installations.

Highlight of the Release

• Updated Lodash dependency to version 4.17.21 to address security vulnerabilities
• Disabled specific attributes for rich text in the Block Editor for improved security
• Implemented deterministic module IDs in webpack configuration for more consistent builds

Migration Guide

No specific migration steps are required for this update. This is a standard maintenance release that can be applied through the WordPress automatic update system or by downloading the update from WordPress.org.

After updating, site administrators should:

1. Test their site functionality, particularly any custom implementations that might rely on Lodash
2. Verify that content created with the Block Editor displays correctly
3. Check that any custom blocks or editor extensions continue to function as expected

Upgrade Recommendations

It is strongly recommended that all WordPress 5.1.x sites be updated to version 5.1.11 as soon as possible due to the security improvements included in this release.

The update to Lodash 4.17.21 addresses known security vulnerabilities that could potentially be exploited on sites running older versions. While this is a maintenance release for the 5.1.x branch, users who are able to upgrade to more recent major versions of WordPress should consider doing so to benefit from additional security improvements and features.

Bug Fixes

This release includes fixes related to the Block Editor functionality:

• Disabled certain attributes for rich text that could potentially cause issues
• Improved build consistency by implementing deterministic module IDs in the webpack configuration
• Additional package updates for the Block Editor to ensure compatibility and stability

New Features

No significant new features were introduced in this maintenance release. The focus was on security improvements and bug fixes rather than new functionality.

Security Updates

This release includes an important security update:

• Updated the Lodash dependency to version 4.17.21, which addresses known security vulnerabilities in previous versions
• Disabled certain rich text attributes that could potentially be exploited in specific scenarios

These changes help protect WordPress sites from potential security issues and are recommended for all installations.

Performance Improvements

The implementation of hashed/deterministic module IDs in the webpack configuration improves build consistency and may provide slight performance benefits by ensuring more predictable code output. This change helps maintain consistent performance across different builds of the WordPress codebase.

Impact Summary

WordPress 5.1.11 is primarily a security and maintenance release that focuses on addressing potential vulnerabilities and improving stability rather than adding new features.

The update to Lodash 4.17.21 is particularly important as it resolves security issues in this widely-used dependency. The changes to rich text attributes in the Block Editor and the implementation of deterministic module IDs contribute to a more secure and stable editing experience.

While the changes in this release are relatively minimal (affecting only 6 files with 657 additions and 517 deletions), they address important security concerns that warrant prompt updating for all WordPress 5.1.x installations. This release maintains backward compatibility and should not disrupt existing site functionality.