HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

WordPress

>

Releases

>

5.5.4

WordPress Release: 5.5.4

Tag Name: 5.5.4

Release Date: 4/15/2021

View Release
WordPress LogoWordPress

World's most popular open-source content management system powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.

Open SourceBloggingWebsite Builder

TL;DR

WordPress 5.5.4 is a security and maintenance release that addresses a REST API vulnerability allowing authors to read their own password-protected posts. The update also includes significant improvements to the build and testing infrastructure, transitioning from TravisCI and Appveyor to GitHub Actions, and adding support for NodeJS 14.x. This release ensures WordPress remains secure and maintains compatibility with modern development environments.

Highlight of the Release

    • Fixed REST API vulnerability allowing authors to read their own password-protected posts
    • Transitioned all automated testing from TravisCI and Appveyor to GitHub Actions
    • Added support for NodeJS 14.x LTS
    • Improved testing infrastructure with parallel job execution and better test reliability

Migration Guide

No significant migration steps are required for this update. WordPress 5.5.4 is a security and maintenance release that should be compatible with existing sites running WordPress 5.5.x.

For developers working on the WordPress codebase:

  1. If you were using TravisCI or Appveyor for testing WordPress 5.5 branch code, you'll need to transition to using GitHub Actions.
  2. Update your local development environment to use NodeJS 14.x if you're working with the WordPress 5.5 branch.
  3. Take advantage of the ability to run PHPUnit tests from the src directory instead of the build directory for more efficient testing.

Upgrade Recommendations

This release contains an important security fix for the REST API, so upgrading is strongly recommended for all WordPress 5.5.x sites.

The update process should be straightforward:

  1. Back up your website before updating
  2. Update through your WordPress dashboard or download the update from WordPress.org
  3. No database changes or special procedures are required for this update

For sites on managed WordPress hosting, the update may be applied automatically by your hosting provider.

Bug Fixes

REST API

  • Fixed an issue where authors were unable to access their own password-protected posts through the REST API.

Testing Infrastructure

  • Fixed issues with REST API plugin installation tests by disabling update checks and setting up local plugin downloads, preventing external HTTP requests that could cause timeouts.
  • Fixed Travis configuration errors in the build system.
  • Fixed unintentional PHPUnit test runs on push events for forks and private mirrors.

New Features

REST API Improvement

  • Authors can now properly read their own password-protected posts via the REST API, fixing a functionality gap in content management.

Development Environment Enhancements

  • Added support for NodeJS 14.x LTS in the 5.5 branch, allowing developers to use the latest stable Node version.
  • Implemented GitHub Actions workflows for all automated testing, providing a more modern and reliable testing infrastructure.
  • Added ability to run PHPUnit tests from src instead of build directory for more efficient development workflows.

Security Updates

REST API Security Fix

  • Fixed a vulnerability in the REST API that affected password-protected posts. This update ensures that authors can properly access their own password-protected content while maintaining appropriate access restrictions for other users.

Security Policy Update

  • Updated the Security Policy for the 5.5 branch to maintain alignment with WordPress security standards.

Performance Improvements

Testing Performance

  • Split single site and multisite tests into parallel jobs for faster test execution.
  • Split slow tests into separate, parallel jobs for PHP 5.6 to improve overall testing speed.
  • Improved test reliability by using local plugin downloads instead of external requests to WordPress.org, preventing timeouts and failures.

Build System

  • Streamlined the build and test process by consolidating all automated testing in GitHub Actions.
  • Optimized workflow configurations with better branch and path scoping for GitHub Action workflows when running on pull requests.

Impact Summary

WordPress 5.5.4 is primarily a security and maintenance release that addresses a REST API vulnerability related to password-protected posts. While this is a targeted fix, it's an important security update that all WordPress 5.5.x sites should implement.

For end users and site administrators, the impact is minimal beyond the security improvements. The site functionality should remain unchanged after updating.

For WordPress developers, this release brings significant improvements to the development and testing infrastructure. The transition to GitHub Actions for all automated testing creates a more modern, consistent testing environment. Support for NodeJS 14.x ensures compatibility with current LTS Node versions, making development more accessible with modern tools.

The testing improvements, including parallel job execution and better test reliability, primarily benefit core contributors but ultimately lead to a more stable WordPress codebase for everyone.

Overall, this is a targeted release focused on security and developer experience rather than end-user features.

Statistics:

File Changed40
Line Additions2,320
Line Deletions1,335
Line Changes3,655
Total Commits18

User Affected:

  • Can now properly access their own password-protected posts via the REST API
  • Previously may have experienced issues when trying to edit or manage their password-protected content

Contributors:

SergeyBiryukovdesrosjpeterwilsonccaaronjorbin