WordPress Release: 5.7.8

TL;DR

WordPress 5.7.8 is a security and maintenance release that addresses multiple security vulnerabilities and includes important bug fixes. This update introduces strings to indicate security support status for WordPress versions, fixes timezone handling in tests, and includes several security-focused backports. The release is essential for maintaining the security and stability of WordPress sites.

Highlight of the Release

• Introduction of strings to indicate security support status for WordPress versions
• Fixed timezone handling in date/time tests for PHP 8.2 compatibility
• Multiple security improvements across various WordPress components
• Updated WordPress editor packages with bug fixes

Migration Guide

No specific migration steps are required for this update. This is a standard security and maintenance release that should be applied through the normal WordPress update process.

As always, it's recommended to:

1. Back up your website before updating
2. Test the update in a staging environment if possible
3. Update plugins and themes to their latest versions

Upgrade Recommendations

This update is highly recommended for all WordPress 5.7.x installations due to the security fixes included.

Site administrators should update their WordPress installations as soon as possible to ensure their sites remain secure. The security improvements address vulnerabilities in multiple components of WordPress that could potentially be exploited if left unpatched.

The update can be applied through the WordPress dashboard or manually by downloading the release from the WordPress.org website.

Bug Fixes

Timezone Handling in Tests

• Replaced the deprecated Europe/Kiev timezone with Europe/Helsinki in date/time tests for PHP 8.2 compatibility
• This ensures tests run properly across all supported PHP versions

Editor Package Updates

• Fixed bugs in several WordPress editor packages:
  • @wordpress/block-directory: 1.18.16
  • @wordpress/block-library: 2.28.13
  • @wordpress/edit-post: 3.26.16

New Features

Introduction of Security Support Status Indicators

New strings have been added to indicate the security support status of WordPress versions. These strings will be used in future maintenance and security releases to:

• Notify users when their WordPress version is no longer receiving security updates
• Alert users when their WordPress version will shortly stop receiving security updates

This change makes these strings available to translators in preparation for future use.

Security Updates

Security Improvements

This release includes multiple security enhancements:

• REST API: Locked down post parameter of the terms endpoint
• Customize: Escaped blogname option in underscores templates
• Query: Added validation for relation in WP_Date_Query
• Posts/Post Types:
  • Applied KSES to post-by-email content
  • Removed emails from post-by-email logs
• General: Validated host on "Are you sure?" screen
• Pings/Trackbacks: Applied KSES to all trackbacks
• Mail: Reset PHPMailer properties between use
• Comments: Applied KSES when editing comments
• Widgets: Escaped RSS error messages for display

Performance Improvements

Media Search Improvements

• Refactored search by filename functionality within the admin area
• This should provide a more efficient and reliable media search experience

Impact Summary

WordPress 5.7.8 is primarily a security-focused release that addresses multiple vulnerabilities across various WordPress components. The update introduces strings for indicating security support status, which will be used in future releases to notify users when their WordPress version is no longer receiving or will soon stop receiving security updates.

The release also includes compatibility improvements for PHP 8.2 by updating timezone handling in date/time tests, replacing the deprecated Europe/Kiev timezone with Europe/Helsinki.

Several WordPress editor packages have been updated to fix bugs, and the media search functionality has been refactored for better performance.

This release is part of WordPress's ongoing commitment to security and should be applied promptly to all WordPress 5.7.x installations to maintain site security and stability.