WordPress Release: 6.4.4

TL;DR

WordPress 6.4.4 is a maintenance release that addresses several development environment improvements and fixes a critical issue with ZIP file validation. The update enhances the local development experience for contributors using Apple Silicon Macs by fixing Docker container compatibility issues and upgrades Node.js in GitHub Codespaces. Most importantly, it introduces a fallback mechanism for validating ZIP file uploads when ZipArchive fails, improving security and reliability for all WordPress sites.

Highlight of the Release

• Fixed ZIP file validation with new fallback mechanism using PclZip
• Improved Docker container compatibility for Apple Silicon Macs
• Updated Node.js version to 20 in GitHub Codespaces
• Enhanced development environment documentation

Migration Guide

Local Development Environment Changes

If you're using the local Docker development environment on Apple Silicon Macs with MySQL 5.7 or earlier, you'll need to create a docker-compose.override.yml file as a workaround. The documentation has been updated with instructions for this process.

For most users, no migration steps are required as the changes are backward compatible and focused on development tooling rather than production functionality.

Upgrade Recommendations

This maintenance release is recommended for all WordPress users, particularly those who manage sites where file uploads are a critical functionality. The improvements to ZIP file validation enhance security and reliability for all WordPress installations.

For developers using Apple Silicon Macs or GitHub Codespaces, this update significantly improves the development experience and is highly recommended.

As with all WordPress updates, it's advisable to back up your site before upgrading, though this release focuses on development environment improvements and bug fixes rather than core functionality changes.

Bug Fixes

ZIP File Validation Fix

Fixed an issue where ZipArchive could incorrectly report valid ZIP files as invalid during upload. The update introduces a fallback to PclZip for secondary validation when ZipArchive fails, improving the reliability of file uploads.

Docker Container Compatibility Fix

Resolved compatibility issues with MySQL Docker containers on Apple Silicon Macs. The update removes the amd64/ prefix for database container images and raises the default MySQL version to 8.0 (current LTS), which provides native arm64 container support.

Test Reliability Improvements

Updated expectations in wp_remote_head() and wp_remote_get() tests to account for changes in image compression on WP.com. The tests now use direct file URLs and updated image size expectations to match current responses, making tests more reliable across platforms.

New Features

New ZIP File Validation Function

WordPress 6.4.4 introduces a new function wp_zip_file_is_valid() that provides more reliable validation of ZIP archives. This function implements a fallback mechanism that uses PclZip when ZipArchive fails to correctly validate ZIP files, ensuring that valid files aren't incorrectly rejected during the upload process.

Security Updates

Enhanced ZIP File Validation

While not explicitly labeled as a security fix, the improvements to ZIP file validation enhance the security posture of WordPress installations. The new fallback mechanism ensures that ZIP files are properly validated before being processed, reducing the risk of accepting malformed or potentially malicious archives.

Performance Improvements

Development Environment Performance

The update to Node.js version 20 in GitHub Codespaces provides performance improvements for development workflows. Additionally, the switch to MySQL 8.0 as the default for local development environments offers better performance and compatibility with modern hardware, particularly for developers using Apple Silicon Macs.

Impact Summary

WordPress 6.4.4 is primarily a maintenance and development tooling update with minimal impact on end users. The most significant change is the improved ZIP file validation, which enhances security and reliability for all WordPress sites by ensuring valid ZIP files aren't incorrectly rejected during upload.

For developers, particularly those using Apple Silicon Macs, the update resolves important compatibility issues with Docker containers and improves the local development experience. The update to Node.js 20 in GitHub Codespaces brings the development environment in line with current LTS versions.

The release also includes several test reliability improvements that won't affect end users but will help ensure WordPress's quality and stability moving forward.

Overall, this is a targeted release addressing specific development environment issues and a critical file validation bug, with minimal risk of disruption to existing sites.