WordPress Release: 5.4.15

TL;DR

WordPress 5.4.15 is a maintenance and security release that addresses two key issues: improves the installation process by optimizing option serialization and enhances security by adding verification for ZIP archives during uploads. The release also backports PHP string function polyfills for better compatibility with newer PHP versions while maintaining support for older environments.

Highlight of the Release

• Optimized option serialization during installation process
• Added verification for ZIP archives during uploads for enhanced security
• Backported polyfills for PHP 8 string functions (str_starts_with() and str_ends_with())

Migration Guide

No specific migration steps are required for this maintenance release. WordPress 5.4.15 is a backward-compatible update that can be safely applied to existing WordPress 5.4.x installations.

Upgrade Recommendations

This release contains security improvements and bug fixes, so upgrading is strongly recommended for all WordPress 5.4.x users. As always with any WordPress update, it's advisable to back up your site before performing the upgrade.

For users on older versions of WordPress, consider updating to the latest major version (if your site is compatible) to receive all security updates and new features.

Bug Fixes

Installation Process Improvements

Fixed an issue in the installation process where options were always being serialized. Now WordPress uses maybe_serialize() instead of always serializing options during installation, which provides more appropriate handling of option values based on their type.

ZIP Archive Verification

Addressed a security concern by implementing verification checks for ZIP archives during the upload process. This ensures that uploaded ZIP files are properly validated before being processed by WordPress.

New Features

Backported PHP String Function Polyfills

WordPress 5.4.15 includes backported polyfills for the PHP 8 string functions str_starts_with() and str_ends_with(). This addition improves compatibility with code written for newer PHP versions while maintaining support for older PHP environments. These polyfills allow developers to use modern string manipulation methods regardless of the PHP version running on the server.

Security Updates

Enhanced Upload Security

This release includes an important security enhancement for file uploads, specifically targeting ZIP archives. WordPress now performs additional verification checks on ZIP files during the upload process, helping to prevent potential security vulnerabilities related to malformed or malicious archive files.

Performance Improvements

Optimized Option Serialization

The change from always serializing options to using maybe_serialize() during installation not only fixes a bug but also improves performance by avoiding unnecessary serialization operations. This optimization makes the installation process more efficient, especially when dealing with options that don't require serialization.

Impact Summary

WordPress 5.4.15 is primarily a security and maintenance release that addresses specific issues without introducing breaking changes. The improvements to ZIP archive verification enhance security for all WordPress sites, particularly those that allow file uploads. The optimization of option serialization during installation improves the reliability and performance of new WordPress installations.

The addition of polyfills for PHP 8 string functions improves compatibility across different PHP environments, making it easier for developers to write forward-compatible code. This is especially valuable for sites running on older PHP versions that need to maintain compatibility with code written for newer PHP versions.

Overall, this release continues WordPress's commitment to security, stability, and backward compatibility while preparing for future PHP compatibility.