WordPress Release: 5.6.1

TL;DR

WordPress 5.6.1 is a maintenance release that addresses several bugs and issues found in WordPress 5.6. This update includes important fixes for PHP 8 compatibility, improvements to the Twenty Twenty-One theme, fixes for the REST API, and enhancements to the Application Passwords feature. It also includes editor improvements through updated WordPress editor packages, addressing crashes and accessibility issues.

Highlight of the Release

• Fixed PHP 8 compatibility issue with SimplePie feed parsing that was causing fatal errors
• Improved Twenty Twenty-One theme with fixes for Dark Mode, iframe embeds, and form styling
• Enhanced Application Passwords feature with better Basic Auth detection and error handling
• Fixed editor crashes and improved accessibility in the block editor
• Improved security for exported user data reports by preventing directory listings

Migration Guide

No significant migration steps are required for this maintenance release. WordPress 5.6.1 is a bug fix release that maintains backward compatibility with WordPress 5.6.

If you're using Application Passwords with Basic Auth protection on your site's front-end, you can now use the new wp_is_site_protected_by_basic_auth filter to customize the Basic Auth detection if needed.

Upgrade Recommendations

WordPress 5.6.1 is a maintenance and security release that addresses several bugs and issues found in WordPress 5.6. It's recommended that all WordPress 5.6 users upgrade to 5.6.1 as soon as possible.

The update process is straightforward and can be done through the WordPress admin dashboard. Simply go to Dashboard > Updates and click "Update Now." For sites with automatic background updates enabled for minor releases, the update may have already been applied.

This release is particularly important for:

• Sites running on PHP 8
• Sites using the Twenty Twenty-One theme
• Sites utilizing Application Passwords
• Sites with REST API integrations

No compatibility issues have been reported with this maintenance release.

Bug Fixes

PHP 8 Compatibility

• Fixed a fatal error in SimplePie feed parsing by properly handling multiple header values

REST API Fixes

• Fixed fatal error on multisite when calling single item plugin routes
• Corrected taxonomy schema to only include the controller's own taxonomy
• Fixed plugin activation checks by loading required functions

Theme Fixes

Twenty Twenty-One Theme:

• Fixed display of iframe embeds that were too narrow
• Improved text readability in code blocks in Dark Mode
• Fixed striped table styling in Dark Mode
• Added support for local anchor links in primary navigation
• Set maximum width on inputs to prevent overflow
• Improved PostCSS configuration for Internet Explorer compatibility
• Optimized IE polyfill loading

Twenty Nineteen Theme:

• Added missing images for block patterns
• Added the block-patterns tag to SASS files

Media Library

• Fixed wp_get_attachment_metadata() to properly return values from global $post
• Fixed template for "Align" and "Link To" fields in media modal when inserting images from URL

Site Health

• Improved loopback tests to use front-end URL instead of admin URL
• Fixed version checks to only run on the main site in multisite installations
• Updated PHP update recommendation strings to be more accurate

New Features

Editor Improvements

The WordPress editor received several updates to fix issues and improve functionality:

• Fixed editor crash when registering a block pattern without categories
• Added HTML and reusable block support back to the Embed block
• Fixed editor styles in the HTML Block
• Improved font size picker to correctly handle large font sizes
• Prevented inserter overscroll in Site Editor

Application Passwords Enhancements

• Extracted Basic Auth check into a reusable filterable function (wp_is_site_protected_by_basic_auth())
• Fixed PHP warnings when using certain SSO solutions like Shibboleth
• Ensured the Add New button isn't hidden on mobile devices
• Corrected translation function for headings on the Authorize Application screen

Security Updates

Security Enhancements

• Improved security for exported user data reports by changing from .html to .php files to prevent directory listings
• Enhanced Application Passwords security by improving Basic Auth detection
• Fixed authentication checks in REST API endpoints

Performance Improvements

Performance Optimizations

• Optimized IE polyfill loading in Twenty Twenty-One theme by only loading when actually using Internet Explorer
• Maintained performance improvements in wp_get_attachment_metadata() while restoring backward compatibility
• Improved REST API performance by normalizing _fields value for use in stableKey
• Optimized test runs by disabling unnecessary update checks and using local plugin downloads

Impact Summary

WordPress 5.6.1 is a maintenance release that focuses on bug fixes and improvements rather than introducing new features. The most significant impact is the resolution of PHP 8 compatibility issues, which were causing fatal errors in certain scenarios.

For theme users, especially those using Twenty Twenty-One, this update brings numerous fixes that improve the visual appearance and functionality, particularly for Dark Mode, iframe embeds, and form styling.

Developers will benefit from fixes to the REST API and Application Passwords feature, making these tools more reliable and robust. The update to WordPress editor packages addresses several issues including editor crashes, accessibility improvements, and fixes for specific blocks like the HTML and Embed blocks.

Site administrators will appreciate the improvements to Site Health checks and the enhanced security for exported user data reports. The update also includes performance optimizations, particularly for sites supporting Internet Explorer.

Overall, this release enhances stability, security, and accessibility across the WordPress platform without introducing breaking changes or requiring significant adjustments to existing sites.