WordPress Release: 5.5.6

Tag Name: 5.5.6

Release Date: 9/9/2021

WordPress

World's most popular open-source content management system powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.

TL;DR

WordPress 5.5.6 is a security and maintenance release that addresses important security vulnerabilities and includes several bug fixes. The update focuses on improving REST API security handling, updating the Lodash dependency to version 4.17.21 to patch security vulnerabilities, and enhancing the block editor's rich text functionality. This release is recommended for all WordPress 5.5.x installations.

Highlights of the Release

    • Security update for Lodash dependency to version 4.17.21
    • Improved REST API security with enhanced JSONP request handling
    • Disabled potentially problematic attributes for rich text in the block editor
    • Performance improvements with deterministic moduleIDs in webpack configuration

Migration Guide

No specific migration steps are required for this update. WordPress 5.5.6 is a maintenance and security release that should be compatible with existing themes and plugins.

To update:

  1. Back up your WordPress site (files and database)
  2. Update through the WordPress admin dashboard or manually download and install the update
  3. Test your site functionality after the update

If you're developing with the REST API or using JSONP requests, note the change to _jsonp_wp_die_handler(), which now applies only to JSONP REST API requests.

Upgrade Recommendations

This update is highly recommended for all WordPress 5.5.x installations due to the security fixes included. The security improvements to Lodash and REST API handling address vulnerabilities that could potentially be exploited if left unpatched.

Priority: High
Timing: Immediate upgrade recommended
Compatibility: No known compatibility issues with existing themes and plugins

If you're running WordPress 5.5.x, you should update to 5.5.6 as soon as possible to ensure your site remains secure.

Bug Fixes

REST API Handling

  • Fixed JSONP REST API request handling by ensuring _jsonp_wp_die_handler() is only used for JSONP REST API requests, preventing potential security issues.

Rich Text Editor

  • Disabled certain attributes for rich text in the block editor to prevent potential issues and improve stability.

New Features

No significant new features were introduced in this maintenance release. WordPress 5.5.6 focuses primarily on security enhancements and bug fixes to improve the stability and security of existing functionality.

Security Updates

Third-party Dependencies

  • Updated Lodash to version 4.17.21 to address security vulnerabilities in previous versions. This update patches multiple security issues in the library that could potentially be exploited.

REST API Security

  • Enhanced security for JSONP REST API requests by improving the handling of the _jsonp_wp_die_handler() function, ensuring it's only used for appropriate requests.

Performance Improvements

Build System Improvements

  • Implemented hashed/deterministic moduleIDs in webpack configuration, which can improve build consistency and potentially enhance performance of JavaScript assets.

Security Optimizations

  • The security updates to Lodash and REST API handling may indirectly improve performance by preventing potential exploits that could affect site performance.

Impact Summary

WordPress 5.5.6 is primarily a security-focused maintenance release that addresses important vulnerabilities while improving system stability. The update to Lodash 4.17.21 patches multiple security issues in this widely-used dependency. The improvements to REST API security handling enhance protection against potential exploits. For developers, the webpack configuration changes provide more consistent builds.

This release demonstrates WordPress's commitment to maintaining security in older branches while the project continues to evolve. While not introducing new features, these security and maintenance updates are crucial for sites still running on the 5.5.x branch, ensuring they remain protected against known vulnerabilities without requiring a major version upgrade.

Statistics:

Files Changed: 8
Line Additions: 204
Line Deletions: 234
Line Changes: 438
Total Commits: 5

Users Affected:

  • Enhanced security through updated Lodash dependency
  • Improved REST API security handling
  • More stable WordPress installation with bug fixes

Contributors:

SergeyBiryukov, desrosj