WordPress Release: 5.8.5

TL;DR

WordPress 5.8.5 is a security and maintenance release that addresses several security vulnerabilities and includes important bug fixes. This update focuses on improving output escaping in various WordPress components, fixing pattern directory keyword handling, and updating build tools. The release ensures WordPress remains secure and stable while maintaining compatibility with NodeJS 14.x for contributors.

Highlight of the Release

• Security improvements with proper output escaping in multiple WordPress components
• Fixed pattern directory keyword handling for better pattern discoverability
• Maintained NodeJS 14.x compatibility for contributors
• Updated GitHub Actions workflows for better tooling consistency

Migration Guide

No specific migration steps are required when updating from WordPress 5.8.4 to 5.8.5. This is a standard security and maintenance release that can be applied through the normal WordPress update process.

To update:

1. Back up your website before updating
2. Navigate to Dashboard > Updates
3. Click "Update Now" when WordPress 5.8.5 is available
4. Allow the update process to complete

If you're a developer working on WordPress core or plugins, note that NodeJS 14.x is still the specified version in the .nvmrc file for compatibility purposes.

Upgrade Recommendations

It is strongly recommended that all WordPress site administrators update to version 5.8.5 immediately. This release contains important security fixes that protect your site from potential vulnerabilities.

The update process is straightforward with no known compatibility issues. As with any update, it's always good practice to back up your site before proceeding with the update.

For sites that are automatically updated, no action is required. For manually updated sites, please proceed with the update through your WordPress dashboard or via your preferred update method as soon as possible.

Bug Fixes

• Pattern Directory Keywords: Fixed how pattern keywords are retrieved from the WordPress.org Pattern Directory. The code now correctly uses meta.wpop_keywords property instead of the deprecated taxonomy value, ensuring proper pattern discoverability when searching.

• Bookmark Query Limits: Added validation to ensure bookmark query limits are numeric, preventing potential issues with invalid input.

• Build Tools: Updated GitHub Actions workflows to use reusable Slack notifications workflow instead of relying on the workflow_run event, maintaining tooling consistency across branches.

New Features

No significant new features were introduced in this maintenance release. WordPress 5.8.5 focuses primarily on security enhancements and bug fixes to ensure the stability and security of the platform.

Security Updates

• Output Escaping in the_meta(): Improved security by properly escaping output within the the_meta() function to prevent potential XSS vulnerabilities.

• Plugin Error Messages: Enhanced security by properly escaping output in plugin error messages to prevent potential XSS attacks.

• Bookmark Query Validation: Added validation to ensure bookmark query limits are numeric, preventing potential security issues with malformed queries.

Performance Improvements

No specific performance improvements were highlighted in this release. WordPress 5.8.5 primarily focuses on security enhancements and bug fixes rather than performance optimizations.

Impact Summary

WordPress 5.8.5 is primarily a security-focused maintenance release that addresses several potential vulnerabilities through improved output escaping and input validation. The update includes fixes for XSS vulnerabilities in the_meta() function and plugin error messages, ensuring better protection for WordPress sites.

The release also fixes an issue with pattern directory keyword handling, improving the discoverability of patterns when searching the WordPress.org Pattern Directory. This enhances the content creation experience for users who rely on block patterns.

For developers, the release maintains compatibility with NodeJS 14.x through the .nvmrc file, ensuring contributors can continue working without disruption until compatibility with newer NodeJS versions is confirmed.

Overall, this release strengthens WordPress security without introducing breaking changes or requiring special migration steps, making it an important but straightforward update for all WordPress users.