HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

WordPress

>

Releases

>

5.8.6

WordPress Release: 5.8.6

Tag Name: 5.8.6

Release Date: 10/17/2022

View Release
WordPress LogoWordPress

World's most popular open-source content management system powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.

Open SourceBloggingWebsite Builder

TL;DR

WordPress 5.8.6 is a security and maintenance release that addresses several security vulnerabilities and includes important bug fixes. This update introduces strings for future security support status notifications, fixes timezone handling in tests, and includes multiple security-focused backports from newer WordPress versions. The release ensures WordPress 5.8.x remains secure while preparing for future maintenance communications.

Highlight of the Release

    • Introduction of strings to indicate security support status for future WordPress versions
    • Timezone handling updates for PHP 8.2 compatibility in tests
    • Multiple security-focused backports from newer WordPress versions
    • Enhanced security for post-by-email, comments, and RSS widgets

Migration Guide

No specific migration steps are required for this maintenance release. This is a standard security and bug fix update that maintains backward compatibility with previous 5.8.x versions.

Site administrators should:

  1. Back up their website before updating
  2. Update to WordPress 5.8.6 through the WordPress dashboard or via manual update
  3. Test their site functionality after the update

No database schema changes or breaking changes are included in this release.

Upgrade Recommendations

Immediate upgrade is strongly recommended for all sites running WordPress 5.8.x.

This release contains important security fixes that protect your site from potential vulnerabilities. As with any security release, updating promptly is the best way to ensure your site remains secure.

For sites on older versions of WordPress (5.7.x or earlier), consider updating to the latest supported version of WordPress for maximum security and feature improvements.

Bug Fixes

Test Compatibility Updates

  • Fixed timezone handling in date/time tests by replacing the deprecated Europe/Kiev timezone (deprecated in PHP 8.2) with Europe/Helsinki
  • This ensures tests run properly across all supported PHP versions

Grouped Backports

Multiple bug fixes have been backported from newer WordPress versions:

  • Fixed search by filename functionality within the admin
  • Validated relation parameter in WP_Date_Query
  • Reverted use of shared objects for current user
  • Reset PHPMailer properties between use to prevent issues with multiple email sends

New Features

New Support Status Indicators

New strings have been introduced to indicate the security support status of WordPress versions. These strings will be used in future maintenance and security releases to:

  • Notify users when a WordPress version is no longer receiving security updates
  • Alert users when a WordPress version will shortly stop receiving security updates

This change makes these strings available to translators in preparation for future use but does not implement the actual notifications in this release.

Security Updates

Security Enhancements

This release includes multiple security-focused backports:

  • REST API: Locked down post parameter of the terms endpoint
  • Customize: Escaped blogname option in underscores templates
  • Posts/Post Types: Applied KSES to post-by-email content
  • General: Validated host on "Are you sure?" screen
  • Posts/Post Types: Removed emails from post-by-email logs
  • Pings/Trackbacks: Applied KSES to all trackbacks
  • Comments: Applied KSES when editing comments
  • Widgets: Escaped RSS error messages for display

These changes strengthen WordPress against potential security vulnerabilities across multiple components.

Performance Improvements

No specific performance improvements were highlighted in this maintenance release. The focus was primarily on security enhancements and bug fixes to ensure WordPress 5.8.x remains stable and secure.

Impact Summary

WordPress 5.8.6 is primarily a security-focused maintenance release that addresses several potential vulnerabilities across multiple WordPress components. While it doesn't introduce new user-facing features, it significantly improves the security posture of WordPress 5.8.x installations.

The release also prepares for future maintenance communications by adding strings that will indicate security support status. This groundwork will help users understand when their WordPress version is approaching or has reached end-of-security-support in future releases.

For developers, the timezone handling changes in tests ensure better compatibility with PHP 8.2, though these changes are primarily relevant to those working on WordPress core or running the test suite.

Overall, this release represents WordPress's ongoing commitment to security and maintenance of supported versions, even as newer major versions are available.

Statistics:

File Changed37
Line Additions297
Line Deletions179
Line Changes476
Total Commits6

User Affected:

  • Benefit from improved security measures across multiple WordPress components
  • Should update immediately to protect their sites from potential security vulnerabilities
  • Will see preparations for future security support status notifications

Contributors:

peterwilsonccaudrasjbdesrosjSergeyBiryukov