WordPress Release: 5.4.1
Tag Name: 5.4.1
Release Date: 4/29/2020
WordPress: World's most popular open-source content management system powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.
TL;DR
WordPress 5.4.1 is a maintenance and security release that addresses several bugs and security vulnerabilities found in WordPress 5.4. This update includes fixes for the REST API, privacy policy guide styling, media uploads in certain browsers, customizer improvements, and several security enhancements. The release focuses on improving stability, accessibility, and security without introducing new features.
Highlight of the Release
- Fixed REST API permission checks for revisions controller
- Improved media file uploads in Edge ≤ 44 and iOS Safari browsers
- Enhanced security with proper escaping in the Cache API
- Fixed privacy policy guide styling for tables and lists
- Improved accessibility with fixed heading hierarchy and dark mode support
- Added security measures to invalidate user activation keys on password updates
Migration Guide
No specific migration steps are required for this maintenance release. WordPress 5.4.1 is a direct update from WordPress 5.4 and does not introduce any breaking changes that would require migration efforts.
To update to WordPress 5.4.1:
- Back up your website files and database before updating
- Update through your WordPress dashboard or via your preferred method
- Test your website functionality after the update to ensure everything works as expected
No changes to themes or plugins should be necessary as a result of this update.
Upgrade Recommendations
This is a security and maintenance release that addresses several important bugs and security vulnerabilities. All WordPress sites running version 5.4 should upgrade to 5.4.1 as soon as possible.
The security fixes included in this release help protect your site from potential vulnerabilities, while the bug fixes improve overall stability and compatibility. Since this is a maintenance release with no breaking changes, the upgrade process should be smooth and straightforward.
WordPress 5.4.1 is compatible with existing plugins and themes that work with WordPress 5.4, so no compatibility issues are expected during the upgrade.
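To find installs still on 5.4 across a host, the following added example (not part of the WordPress release notes) reads the `$wp_version` line that core records in wp-includes/version.php. The function names and the sample tree are constructed for illustration, and versions outside the 5.4 branch are reported as not covered by this page.

```shell
#!/bin/sh
# Added example: locate WordPress installs and flag those still on 5.4.
# Core records its version in wp-includes/version.php as: $wp_version = '5.4.1';

# Print the version string found in a version.php file (empty if none).
wp_version_of() {
    sed -n "s/^[[:space:]]*[\$]wp_version[[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# Classify a version string against this release.
classify_wp_version() {
    case "$1" in
        5.4)        echo "upgrade" ;;       # the version this page says to update
        5.4.[1-9]*) echo "ok" ;;            # 5.4.1 or a later 5.4.x
        "")         echo "unknown" ;;       # no version line could be read
        *)          echo "other-branch" ;;  # not covered by this page
    esac
}

# Walk a directory tree and print: status <TAB> version <TAB> install root.
scan_wp_installs() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while IFS= read -r f; do
        v=$(wp_version_of "$f")
        printf '%s\t%s\t%s\n' "$(classify_wp_version "$v")" "${v:-?}" \
            "${f%/wp-includes/version.php}"
    done
}

# Demo on a constructed tree (two fake installs, not real sites).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/blog/wp-includes" "$tmp/shop/wp-includes"
    printf "<?php\n\$wp_version = '5.4';\n"   > "$tmp/blog/wp-includes/version.php"
    printf "<?php\n\$wp_version = '5.4.1';\n" > "$tmp/shop/wp-includes/version.php"
    scan_wp_installs "$tmp"
    rm -rf "$tmp"
}
demo
```

Point `scan_wp_installs` at the web root of a host to list every install with its status.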
Bug Fixes
- REST API: Fixed revisions controller get_item permission check that incorrectly introduced a delete_post permissions check, breaking plugins that requested revisions when generating previews.
- REST API: Fixed _fields filtering of registered REST fields to properly permit filtering by nested field properties.
- Media: Removed display: none; from the visually hidden <input type="file"> button used in Plupload, fixing file selection in Edge ≤ 44 and iOS Safari.
- Privacy: Made the deprecated wp_get_user_request_data() function available on front end, as it was accidentally made available only in admin context.
- Mail: Improved the check for empty post titles in wp-mail.php to be more resilient, fixing a regression that caused posts sent via email to be published with empty titles.
- Taxonomy: Un-deprecated category_link and tag_link filters that may have been accidentally deprecated.
- Site Health: Fixed Site Health class instantiation that prevented plugins from using certain hooks by instantiating before plugins were loaded.
- Customize: Added white background to the WordPress logo for better visibility in dark mode browsers.
New Features
No new features were introduced in this maintenance release. WordPress 5.4.1 focuses on bug fixes, security enhancements, and improvements to existing functionality.
Security Updates
- User Security: Invalidated user activation keys on password updates to prevent potential security issues with password reset links.
- Query Security: Ensured that only a single post can be returned on date/time based queries, preventing potential query manipulation vulnerabilities.
- Cache API: Improved security by ensuring proper escaping around the stats method in the cache API.
- Customizer: Added additional filters to prevent JSON corruption in the Customizer, extending the wp_insert_post_data filter to provide more control over sanitization based on post type.
- File Handling: Expanded sanitize_file_name function to have better support for UTF-8 characters, improving security and compatibility.
Performance Improvements
No specific performance improvements were highlighted in this maintenance release. The focus was primarily on bug fixes and security enhancements rather than performance optimizations.
Impact Summary
WordPress 5.4.1 is primarily a security and bug fix release that addresses several important issues discovered in WordPress 5.4. The impact is largely positive, providing enhanced security, improved accessibility, and fixes for functionality that was broken or not working as expected.
The security enhancements are particularly important, addressing potential vulnerabilities in user activation keys, query handling, and the cache API. These fixes help protect WordPress sites from potential security threats.
For developers, the fixes to the REST API and the restoration of accidentally deprecated filters will resolve issues that may have been affecting plugin functionality. The fix for Site Health class instantiation also resolves a limitation that prevented plugins from using certain hooks.
Content creators will benefit from fixes to the media upload functionality in certain browsers and improvements to the email-to-post feature. Accessibility improvements make the platform more usable for all users, particularly those using screen readers or dark mode browsers.
Overall, this release improves the stability, security, and reliability of WordPress 5.4 without introducing any breaking changes or requiring significant adaptation from users.
Statistics:
User Affected:
- Fixed REST API issues with revisions controller permission checks and _fields filtering
- Un-deprecated category_link and tag_link filters that were accidentally deprecated
- Fixed Site Health class instantiation that prevented plugins from using certain hooks
- Additional filters added to Customizer to prevent JSON corruption
