WordPress Release: 5.9.1

TL;DR

WordPress 5.9.1 is a maintenance release that addresses several important bugs and issues found in WordPress 5.9. This update includes fixes for jQuery UI regressions, improvements to block themes and the editor, security enhancements for file uploads, and various bug fixes for Twenty Twenty-Two theme. The release focuses on improving stability, performance, and user experience for both classic and block themes.

Highlight of the Release

• Updated jQuery UI to version 1.13.1 to fix regressions in Widget, Autocomplete, Sortable, and Tooltip modules
• Fixed security issue with file uploads using Content-Disposition headers
• Improved handling of block themes and global styles
• Fixed several UI and styling issues in Twenty Twenty-Two theme
• Enhanced performance for classic themes by removing unnecessary queries
• Fixed duotone filter rendering in the editor

Migration Guide

No significant migration steps are required for WordPress 5.9.1 as it's primarily a maintenance release fixing bugs and improving stability. The update process follows the standard WordPress update procedure:

1. Backup your site: Always create a full backup of your website before updating.

2. Update WordPress: Use the automatic update feature in your WordPress dashboard or download the update from WordPress.org.

3. Test your site: After updating, thoroughly test your site's functionality, especially if you're using:

   • Custom block themes
   • jQuery UI dependent plugins or themes
   • Custom code that interacts with the block editor

4. Theme developers: If you've extended the WP_Theme_JSON or WP_Theme_JSON_Resolver classes, you may want to review your implementations as these classes now have protected methods instead of private ones.

5. Plugin developers: If your plugin relies on jQuery UI components, test thoroughly as jQuery UI has been updated to version 1.13.1.

Upgrade Recommendations

Immediate upgrade recommended for all WordPress 5.9 users.

This maintenance release addresses several important bugs and security enhancements that improve the stability and security of WordPress 5.9. The fixes for jQuery UI regressions, file upload security, and various theme and editor improvements make this an important update for all sites.

The update is particularly important for:

• Sites using block themes, especially Twenty Twenty-Two
• Sites with plugins that rely on jQuery UI components
• Sites that allow file uploads through WordPress core functionality
• Sites experiencing any of the specific issues mentioned in the bug fixes section

As with any WordPress update, it's recommended to backup your site before upgrading, though this maintenance release focuses on bug fixes rather than introducing new features that might cause compatibility issues.

Bug Fixes

Theme and UI Fixes

• Twenty Twenty-Two Theme Improvements:

  • Fixed alignment issues with group blocks that have background colors
  • Made 404 pattern search label and button translatable
  • Fixed headings consistency in Pricing table pattern
  • Removed negative side margins on group blocks with backgrounds
  • Optimized the assets/images/ducks.jpg image for better quality and file size
  • Replaced GitHub link with .org link in Theme URI

• Editor and Admin Interface:

  • Fixed blank notices appearing when adding custom fields or terms in the post editor
  • Fixed CSS issue on the Welcome Panel when the "Dashboard" heading is missing
  • Fixed missing markup from Widgets Group block

Core Functionality

• jQuery and JavaScript:

  • Updated jQuery UI to 1.13.1 to fix regressions in Widget, Autocomplete, Sortable, and Tooltip modules
  • Fixed the "Show hidden updates" button visibility and functionality by updating deprecated jQuery toggle event handlers

• CSS and Style Loading:

  • Fixed issues with CSS URL normalization to prevent affecting HTML IDs and data URIs
  • Ensured block themes load styles in the head section rather than the body
  • Improved loading of block support styles for block themes

• Template Handling:

  • Fixed performance issues for classic themes by removing unnecessary queries
  • Fixed issue where classic themes would show "Empty template: Index" when an empty block template file exists

• Global Styles:

  • Fixed PHP warning in WP_REST_Global_Styles_Controller when no styles exist
  • Ensured global styles load before theme styles in the editor

New Features

Enhanced Theme Support

• Protected Methods in Theme JSON Classes: Changed methods visibility from private to protected and added late static binding in WP_Theme_JSON and WP_Theme_JSON_Resolver classes, allowing for better extensibility.

• Improved Preset Handling: Fixed issues with theme presets provided via add_theme_support() to ensure they always create CSS Custom Properties, whether or not the theme has a theme.json file.

Editor Improvements

• Admin-only Navigation Menu UI: Restricted access to the Navigation Menu UI screen to admin roles only, providing consistent permissions for both block and non-block themes.

• Duotone Enhancements: Fixed duotone theme cache issues and improved rendering in non-FSE themes. Added support for custom filters and automatic application of global styles duotone filters in the post editor.

Security Updates

Security Enhancements

• File Upload Security: Fixed an issue with the Filesystem API where files fetched remotely with a Content-Disposition header were being stored in the WordPress root folder or wp-admin folder instead of the temporary directory. This change ensures files are properly stored in the temporary directory location, preventing potential security risks.

• Navigation Menu Access Control: Restricted access to the Navigation Menu UI screen to admin roles only, ensuring that non-admin users cannot access or modify navigation menus through the dedicated UI or via the Navigation block's "Manage menu" option.

Performance Improvements

Performance Enhancements

• Classic Theme Performance: Improved performance for classic themes by checking if the theme supports block-templates before calling locate_block_template() in get_query_template(), removing unnecessary database queries.

• Script Loading Optimization:

  • Prevented front-end assets of a block from being enqueued in the block editor, avoiding unexpected behavior and potential performance issues.
  • Improved the mechanism for loading block support styles, ensuring they're loaded in the appropriate location based on theme type.

• Installation Process: Disabled transients during WordPress installation by using wp_cache_*() functions instead of database operations, preventing database errors and improving installation reliability.

• Asset Loading: Optimized the loading sequence of global styles and theme styles to ensure proper cascading and rendering.

Impact Summary

WordPress 5.9.1 is a maintenance release that focuses on fixing bugs and improving stability rather than introducing new features. The impact is primarily positive, addressing several issues that affected user experience, security, and performance in WordPress 5.9.

The most significant improvements include:

1. Enhanced theme functionality: Fixed several issues in Twenty Twenty-Two theme and improved handling of block themes, ensuring better compatibility and user experience.

2. Security improvements: Addressed a potential security issue with file uploads using Content-Disposition headers, ensuring files are stored in the correct temporary directory.

3. Performance optimizations: Improved performance for classic themes by removing unnecessary queries and optimized the loading of styles for block themes.

4. jQuery UI update: Updated to jQuery UI 1.13.1 to fix regressions in several components, improving compatibility with plugins and themes that rely on these components.

5. Editor enhancements: Fixed issues with duotone filters, block rendering, and improved the handling of global styles in the editor.

Overall, this release provides important stability improvements that benefit all WordPress users, with particular emphasis on enhancing the experience for users of block themes and fixing issues that could affect site performance or security.