WordPress Release: 5.7.12

TL;DR

WordPress 5.7.12 brings important security and test reliability improvements

This maintenance release addresses a critical security vulnerability in the Template-Part Block on Windows systems and enhances test reliability by fixing issues with external HTTP tests. The security fix patches a path traversal vulnerability that could potentially be exploited on Windows-based WordPress installations. For site owners and administrators, this update is recommended for immediate installation to maintain site security.

Highlight of the Release

• Fixed a path traversal security vulnerability in the Template-Part Block on Windows systems
• Improved reliability of external HTTP tests by using WordPress.org CDN images
• Addressed issues with image size variations in tests across different platforms

Migration Guide

No migration steps are required for this update. This is a standard maintenance release that can be applied through the normal WordPress update process.

Upgrade Recommendations

Immediate Upgrade Recommended

Due to the security fix included in this release, it is strongly recommended that all WordPress site administrators update to version 5.7.12 immediately, especially those running WordPress on Windows-based servers.

The update can be installed through the WordPress dashboard or by downloading the update from WordPress.org.

Bug Fixes

Test Reliability Improvements

• Fixed issues with external HTTP tests by switching to use images from the WordPress.org CDN
• Addressed inconsistencies in image size responses that were occurring between different platforms
• Resolved problems caused by WP.com's on-the-fly image compression affecting test results

New Features

No new features were introduced in this maintenance release. WordPress 5.7.12 focuses on security fixes and test reliability improvements.

Security Updates

Path Traversal Vulnerability Fix

Fixed a path traversal security vulnerability in the Template-Part Block that affected WordPress installations running on Windows systems. This vulnerability could potentially allow attackers to access files outside the intended directory structure.

This fix was merged from commit [58470] to the 5.7 branch.

Performance Improvements

No specific performance improvements were included in this release. The changes focus on security fixes and test reliability.

Impact Summary

WordPress 5.7.12 is a security-focused maintenance release that addresses a path traversal vulnerability in the Template-Part Block affecting Windows-based WordPress installations. This vulnerability could potentially allow unauthorized access to files outside the intended directory structure, making this update critical for maintaining site security.

The release also improves the reliability of WordPress's test suite by fixing issues with external HTTP tests, particularly related to image handling across different platforms. These changes ensure more consistent test results by using images from the WordPress.org CDN instead of relying on WP.com's image processing, which was causing variations in image sizes.

While this update doesn't introduce new features or performance improvements, it's an important security release that all WordPress administrators should apply promptly, especially those running WordPress on Windows servers.