WordPress Release: 5.3.10

TL;DR

WordPress 5.3.10 is a maintenance and security release that addresses critical issues with Let's Encrypt certificate validation and improves developer testing tools. The update removes an expired DST Root CA X3 certificate that was causing validation failures with Let's Encrypt certificates on systems using OpenSSL 1.0.2. It also introduces the PHPUnit Polyfills package to improve cross-version testing capabilities for plugin and theme developers.

Highlight of the Release

• Removed expired DST Root CA X3 certificate to fix Let's Encrypt validation issues
• Introduced PHPUnit Polyfills package for better cross-version testing
• Added wrappers for snake_case fixture methods in PHPUnit
• Fixed test forward-compatibility layer
• Synchronized default package script versions

Migration Guide

No specific migration steps are required for most users when updating to WordPress 5.3.10. The update process follows the standard WordPress update procedure.

For Developers Using PHPUnit Tests

If you're a developer who maintains test suites for WordPress plugins or themes:

1. You can now take advantage of the PHPUnit Polyfills package for better cross-version testing
2. Both camelCase and snake_case fixture methods are supported
3. Be aware that in rare cases where test classes don't follow standard fixture execution order, the behavior might change slightly

// Example of using both naming conventions in tests
class My_Test_Case extends WP_UnitTestCase {
    // Traditional camelCase method
    public function setUp() {
        parent::setUp();
        // Your setup code
    }
    
    // New snake_case method (also supported)
    public function set_up() {
        // Alternative setup code
    }
}

Upgrade Recommendations

This update is highly recommended for all WordPress 5.3 users due to the security fix addressing Let's Encrypt certificate validation issues. The certificate validation problem could affect secure connections on sites hosted on servers using OpenSSL 1.0.2.

For optimal security and functionality, users should consider upgrading to the latest WordPress version (beyond 5.3.10) if their hosting environment and plugins support it. However, for those who need to remain on the 5.3 branch, this update provides critical security improvements and should be applied promptly.

Bug Fixes

Let's Encrypt Certificate Validation Fix

The release removes the DST Root CA X3 certificate that expired on September 30, 2021. This certificate was causing validation failures with Let's Encrypt certificates on systems using OpenSSL 1.0.2, which would incorrectly select the expired certificate path during validation.

Test Forward-Compatibility Layer Fix

Fixed an issue in the test wrapper methods where snake_case fixture methods weren't being called due to naming recognition problems. The update:

• Adds extra camelCase wrappers to the WP_UnitTestCase class
• Ensures methods are called in the correct order
• Adds wrappers for assertPreConditions() and assertPostConditions() fixture methods

New Features

PHPUnit Polyfills Package

WordPress 5.3.10 introduces the PHPUnit Polyfills package to the core testing infrastructure. This addition makes it easier for developers to write and maintain tests that work across multiple versions of WordPress while supporting newer PHP versions and modern PHPUnit practices.

The package provides:

• Compatibility layers for different PHPUnit versions
• Support for both camelCase and snake_case fixture methods
• Wrappers that allow developers to transition to newer PHPUnit naming conventions

This enhancement is particularly valuable for plugin and theme developers who need to ensure their code works across various WordPress versions and PHP environments.

Security Updates

Let's Encrypt Certificate Validation

This release addresses a security concern related to SSL certificate validation. By removing the expired DST Root CA X3 certificate, WordPress now properly validates Let's Encrypt certificates on systems using OpenSSL 1.0.2.

The issue occurred because OpenSSL 1.0.2 would select a certificate validation path that led to the expired DST Root CA X3 certificate, causing certificate validation failures. This could potentially impact secure connections to and from WordPress sites.

Performance Improvements

No specific performance improvements were highlighted in this release. The changes were primarily focused on security fixes, compatibility improvements, and developer tooling enhancements.

Impact Summary

WordPress 5.3.10 delivers important security and compatibility improvements that enhance the stability and security of WordPress installations, particularly for sites using Let's Encrypt certificates on servers with OpenSSL 1.0.2.

The removal of the expired DST Root CA X3 certificate resolves a critical issue that could cause certificate validation failures, potentially disrupting secure connections. This fix ensures continued compatibility with Let's Encrypt certificates, which are widely used across the web.

For developers, the introduction of the PHPUnit Polyfills package significantly improves the testing infrastructure, making it easier to maintain code that works across multiple WordPress versions while supporting modern PHP practices. This enhancement streamlines the development workflow and helps ensure better code quality and compatibility.

While this is primarily a maintenance and security release, the improvements to certificate validation and testing infrastructure provide substantial benefits for site stability, security, and developer productivity.