WordPress Release: 5.2.7

Tag Name: 5.2.7

Release Date: 6/10/2020

WordPress

World's most popular open-source content management system powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.

TL;DR

WordPress 5.2.7 is a security and maintenance release that addresses several important issues. It improves comment security by preventing unmoderated comments from being indexed by search engines, enhances redirect validation, and fixes several bugs in the block editor and embeds. This release also adds support for "Block Editor Styles" and "Wide Blocks" theme features in the Theme Directory API.

Highlights of the Release

    • Improved security for unmoderated comments to prevent search engine indexing
    • Added support for 'Block Editor Styles' and 'Wide Blocks' theme features
    • Enhanced redirect validation for better security
    • Fixed issues with embeds and title attributes
    • Added new filter to extend set-screen-option functionality

Migration Guide

No specific migration steps are required for this maintenance and security release. WordPress 5.2.7 is a backward-compatible update that can be safely applied to sites running WordPress 5.2.x.

As with any WordPress update, it's recommended to:

  1. Back up your website before updating
  2. Update all themes and plugins to their latest versions
  3. Test functionality after the update is complete

If you're running an older version of WordPress (pre-5.2), consider updating to the latest major version for access to all new features and security improvements.

Upgrade Recommendations

This release contains important security fixes, so an immediate upgrade is strongly recommended for all sites running WordPress 5.2.x.

For sites on older versions of WordPress, consider updating to the latest major version for the most comprehensive security protection and feature improvements.

The 5.2.7 update is focused on security and bug fixes, making it a low-risk update that should not impact existing functionality. As always, testing in a staging environment before updating production sites is a recommended best practice.

Bug Fixes

Comment System

  • Fixed an issue where unmoderated comments could be indexed by search engines
  • Implemented a brief window where comments are live on the site after submission before requiring moderation

Editor Fixes

  • Bumped Gutenberg dependencies to fix issues:
    • @wordpress/block-library: 2.4.6 → 2.4.7
    • @wordpress/edit-post: 3.3.6 → 3.3.7
  • Prevented HTML decoding issues by setting the proper editor context
  • Ensured latest comments can only be viewed from public posts

Embeds and Formatting

  • Fixed embeds to ensure title attributes are set correctly
  • Enhanced wp_validate_redirect() to sanitize a wider variety of characters

Theme Handling

  • Fixed an issue where broken theme names weren't being returned properly

New Features

Theme Features Support

  • Added support for "Block Editor Styles" and "Wide Blocks" to the list of WordPress theme features in the Theme Directory API
  • These features were added in anticipation of being committed to WordPress core 5.2+

Administration Enhancements

  • Added a new filter to extend set-screen-option functionality, providing more flexibility for plugin developers

Security Updates

Comment Security

  • Implemented protection against search engines indexing unmoderated comments
  • Added a brief window mechanism where comments are live before requiring moderation
  • Props to jonkolbert, ayeshrajans, Asif2BD, peterwilsoncc, imath, audrasjb, jonoaldersonwp, whyisjake, SergeyBiryukov

URL Handling Security

  • Enhanced wp_validate_redirect() function to sanitize a wider variety of potentially malicious characters
  • This improvement helps prevent redirect-based attacks

Content Protection

  • Ensured that latest comments can only be viewed from public posts, preventing potential information disclosure
  • Props to poena and xknown for this security enhancement

Performance Improvements

Build System Optimization

  • Trimmed the test matrix on Travis to speed up the 5.2 branch build
  • Removed PHP 7.2 and 7.1 jobs from the test matrix
  • Removed PHP 7.3 job which runs without an object cache in place to streamline testing

Impact Summary

WordPress 5.2.7 is primarily a security and maintenance release that addresses several important vulnerabilities and bugs. The most significant impact is the improved security for comment handling, which prevents search engines from indexing unmoderated comments, protecting site owners from potential spam or malicious content being associated with their sites.

For theme developers, the addition of "Block Editor Styles" and "Wide Blocks" theme features in the Theme Directory API provides better support for modern block editor functionality. Content creators will benefit from fixes to the block editor and improved embed functionality.

The security enhancements to redirect validation and comment visibility represent important protections against potential vulnerabilities. While this is not a feature-heavy release, the security improvements make it an essential update for all WordPress 5.2.x sites.

Statistics:

  • Files Changed: 20
  • Line Additions: 260
  • Line Deletions: 85
  • Line Changes: 345
  • Total Commits: 10

Users Affected:

  • Improved security for comment handling and redirect validation
  • Better protection against search engines indexing unmoderated comments
  • Enhanced theme feature support in the Theme Directory API

Contributors:

SergeyBiryukov, desrosj, whyisjake