WordPress Release: 5.2.10

TL;DR

WordPress 5.2.10 is a maintenance and security release that focuses on build tool improvements, testing infrastructure updates, and a REST API security fix. The release transitions automated testing from TravisCI to GitHub Actions, adds support for NodeJS 14.x, and fixes an issue where authors couldn't read their own password-protected posts via the REST API. This release primarily affects developers and site administrators working with the WordPress codebase.

Highlight of the Release

• REST API security fix allowing authors to read their own password-protected posts
• Transition from TravisCI to GitHub Actions for all automated testing
• Support for NodeJS 14.x LTS across all WordPress branches
• Docker-based local WordPress development environment backported to 5.2 branch
• Updated Composer dependencies to support Composer 2.0

Migration Guide

Migrating to WordPress 5.2.10

No specific migration steps are required for this release as it primarily contains build tool improvements and security fixes.

For Developers Using the WordPress Codebase

If you're working directly with the WordPress codebase:

1. Composer 2.0: The build tools now support Composer 2.0. If you were previously using Composer 1.x, you can now upgrade to 2.0.

2. Testing Environment: If you were using TravisCI or Appveyor for testing WordPress, note that these have been replaced with GitHub Actions. Review the workflow files in .github/workflows/ to understand the new testing setup.

3. NodeJS: The codebase now supports NodeJS 14.x LTS. Consider updating your development environment to match this version for consistency.

Upgrade Recommendations

This release contains a security fix for the REST API and is recommended for all WordPress 5.2 installations.

Priority: Medium

While this is primarily a maintenance release focused on build tools and testing infrastructure, the REST API security fix is important for sites that use password-protected posts and rely on the REST API.

How to Upgrade:

1. Back up your website files and database
2. Download WordPress 5.2.10 from the WordPress.org website or use your hosting provider's update mechanism
3. Follow the standard WordPress update process

For sites on managed WordPress hosting, your host may handle this update automatically.

Bug Fixes

REST API Fix

• Fixed an issue where authors couldn't read their own password-protected posts via the REST API.

Testing Infrastructure Fixes

• Updated the test_readme() function to skip if HTTP requests to secure.php.net or dev.mysql.com fail on timeout.
• Fixed tests after updating package dependencies to support version ranges in package.json files.
• Prevented PHPUnit tests from running on push events for forks and private mirrors.

New Features

Build and Development Environment Improvements

• Docker-based Local Environment: Backported the Docker-based local WordPress development environment to the 5.2 branch for easier and more consistent testing.
• NodeJS 14.x Support: Added support for the latest LTS version of NodeJS (14.x), allowing the same version to be used across all WordPress branches that receive security updates.
• GitHub Actions Integration: Transitioned all automated testing from TravisCI and Appveyor to GitHub Actions, consolidating testing infrastructure in one location.
• Improved Test Workflows:
  • Added ability to run PHPUnit tests from src instead of build
  • Split single site and multisite tests into parallel jobs
  • Separated slow tests into dedicated parallel jobs for PHP 5.6
  • Added workflow dispatch event support for scheduled test runs

Security Updates

REST API Security Fix

• Fixed a security issue in the REST API where authors were unable to read their own password-protected posts. This ensures proper access control while maintaining security boundaries.

Performance Improvements

Testing Performance Improvements

• Split single site and multisite tests into parallel jobs for faster test execution
• Separated slow tests into dedicated parallel jobs for PHP 5.6
• Improved GitHub Actions workflow with better branch and path scoping for pull requests

Build Process Optimizations

• Updated build tools and dependencies to more recent versions
• Streamlined the Docker-based local development environment for better performance

Impact Summary

WordPress 5.2.10 is primarily a maintenance and security release that focuses on improving the development infrastructure rather than introducing user-facing changes. The most significant impact is for developers working with the WordPress codebase, who will benefit from updated build tools, support for newer technologies like Composer 2.0 and NodeJS 14.x, and a more streamlined testing infrastructure using GitHub Actions.

The REST API security fix ensures that authors can properly access their own password-protected posts via the API, which is important for sites that use custom front-ends or headless WordPress implementations.

For most end users and site administrators, this release will have minimal visible impact but provides important under-the-hood improvements that maintain WordPress's security and development infrastructure. The transition to GitHub Actions for automated testing represents a significant modernization of WordPress's development workflow, which will benefit the project's long-term sustainability.