WordPress 5.1.1 is now available! This security and maintenance release introduces 10 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2.
This release also includes a pair of security fixes that handle how comments are filtered and then stored in the database. With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting.
WordPress versions 5.1 and earlier are affected by these bugs, which are fixed in version 5.1.1. Updated versions of WordPress 5.0 and earlier are also available for any users who have not yet updated to 5.1.
Props to Simon Scannell of RIPS Technologies who discovered this flaw independent of some work that was being done by members of the core security team. Thank you to all of the reporters for privately disclosing the vulnerabilities, which gave us time to fix them before WordPress sites could be attacked.
Other highlights of this release include:
Hosts can now offer a button for their users to update PHP.
The recommended PHP version used by the “Update PHP” notice can now be filtered.
Version 5.1 of WordPress, named “Betty” in honour of acclaimed jazz vocalist Betty Carter, is available for download or update in your WordPress dashboard.
Following WordPress 5.0 — a major release which introduced the new block editor — 5.1 focuses on polish, in particular by improving the overall performance of the editor. In addition, this release paves the way for a better, faster, and more secure WordPress with some essential tools for site administrators and developers.
With security and speed in mind, this release introduces WordPress’s first Site Health features. WordPress will start showing notices to administrators of sites that run long-outdated versions of PHP, which is the programming language that powers WordPress.
When you install new plugins, WordPress’s Site Health features will check them against the version of PHP you’re running. If the plugin requires a version that won’t work with your site, WordPress will keep you from installing that plugin.
Introduced in WordPress 5.0, the new block editor continues to improve. Most significantly, WordPress 5.1 includes solid performance improvements within the editor. The editor should feel a little quicker to start, and typing should feel smoother.
Expect more performance improvements in the next couple of releases.
The Cron API has been updated with new functions to assist with returning data and includes new filters for modifying cron storage. Other changes in behavior affect cron spawning on servers running FastCGI and PHP-FPM versions 7.0.16 and above.
New test config file constant in the test suite, new plugin action hooks
Short-circuit filters for wp_unique_post_slug(), WP_User_Query, and count_users()
A new human_readable_duration function
Improved taxonomy metabox sanitization
Limited LIKE support for meta keys when using WP_Meta_Query
A new “doing it wrong” notice when registering REST API endpoints
This release was led by Matt Mullenweg, along with Gary Pendergast as Senior Code Reshuffler and Poet. They received wonderful assistance from the following 561 contributors for this release, 231 of whom were making their first ever contribution! Pull up some Betty Carter on your music service of choice, and check out some of their profiles:
This release includes the final About page design. It also contains fixes for:
New WordPress installs not setting the database table prefix correctly (#46220).
A HTTP error occurring when opening browser developer tools (#46218).
The legacy media dialog having incorrect pagination link styling (#41858).
The comment form not appearing when clicking “Reply” on comments loaded via Ajax (#46260).
Plugin and Theme Developers
Please test your plugins and themes against WordPress 5.1 and update the Tested up to version in the readme to 5.1. If you find compatibility problems, please be sure to post to the support forums so we can figure those out before the final release.
The WordPress 5.1 Field Guide has also been published, which goes into the details of the major changes.
The momentum from December’s WordPress 5.0 release was maintained through January with some big announcements and significant updates. Read on to find out what happened in the WordPress project last month.
WordPress Leadership Grows
In a milestone announcement this month, WordPress project lead, Matt Mullenweg (@matt), named two individuals who are coming on board to expand the leadership team of the project.
WordPress 5.1 is slated for release on February 21, and we need your help to get there!
Site Health Check
One of the features originally slated for WordPress 5.1—the PHP error protection handler—will target WordPress 5.2 instead. Some potential security issues were discovered in the implementation: rather than risk releasing insecure code, the team decided to pull it out of WordPress 5.1. The work in #46130 is showing good progress towards addressing the security concerns, if you’d like to follow development progress on this feature.
A handful of smaller bugs have also been fixed in this release, including:
TinyMCE has been upgraded to version 4.9.2 (#46094).
The block editor has had a couple of bugs fixed (#46137).
A few differences in behaviour between the classic block and the classic editor have been fixed (#46062, #46071, #46085).
When adding rel attributes to links, ensure the value isn’t empty (#45352), and that it works as expected with customizer changesets (#45292).
WordPress 5.1 has many changes aimed at polishing the developer experience. To keep you informed, we publish developers’ notes on the Make WordPress Core blog throughout the release cycle. Subscribe to the Make WordPress Core blog for updates over the coming weeks, detailing other changes in 5.1 that you should be aware of.
WordPress 5.1 is slated for release on February 21, and we need your help to get there. Here are some of the big items to test so we can find as many bugs as possible in the coming weeks.
Site Health Check
Site Health Check is an ongoing project aimed at improving the stability and performance of the entire WordPress ecosystem. The first phase of this project is included in WordPress 5.1. For the first time, WordPress will catch and pause the problem code, so you can log in to your Dashboard and see what the problem is (#44458). Before, you’d have to FTP in to your files or get in touch with your host.
New features, a big event, and important announcements marked December as a milestone month for the WordPress community.
Release of WordPress 5.0
On December 6 WordPress 5.0 was released. This release includes the much anticipated new block editor as the default editing experience. While some users have chosen to continue using the Classic Editor on their sites, many site owners have quickly upgraded to this latest version.
Two security and maintenance releases came out over the course of the month, with the latest update providing a huge boost to performance and stability.
The new version of WordPress comes a new default theme: Twenty Nineteen. This theme is designed to highlight how the block editor can be used.
WordPress co-founder Matt Mullenweg outlined 9 projects for the year 2019. These projects range from creating a block for navigations menus, porting all existing widgets into blocks, forming a triage team to tackle open issues on Trac and more.
A status update for porting existing widgets to blocks has been posted by Mel Choyce.
WordCamp US 2019 Dates announced
WordCamp US 2019 will be held during Nov. 1-3, 2019, in St Louis, Missouri. It will be one of our largest events of the year and will feature Matt Mullenweg’s annual State of the Word address.
The first release candidate for WordPress 5.0 is now available!
This is an important milestone, as we near the release of WordPress 5.0. The WordPress 5.0 release date has shifted from the 27th to give more time for the RC to be fully tested. A final release date will be announced soon, based on feedback on the RC. This is a big release and needs your help—if you haven’t tried 5.0 yet, now is the time!
WordPress 5.0 introduces the new block-based post editor. This is the first step toward an exciting new future with a streamlined editing experience across your site. You’ll have more flexibility with how content is displayed, whether you are building your first site, revamping your blog, or write code for a living.
The block editor is used on over a million sites, we think it’s ready to be used on all WordPress sites. We do understand that some sites might need some extra time, though. If that’s you, please install the Classic Editor plugin, you’ll continue to use the classic post editor when you upgrade to WordPress 5.0.
Twenty Nineteen is WordPress’ new default theme, it features custom styles for the blocks available by default in 5.0. Twenty Nineteen is designed to work for a wide variety of use cases. Whether you’re running a photo blog, launching a new business, or supporting a non-profit, Twenty Nineteen is flexible enough to fit your needs.
The block editor is a big change, but that’s not all. We’ve made some smaller changes as well, including:
All of the previous default themes, from Twenty Ten through to Twenty Seventeen, have been updated to support the block editor.
You can improve the accessibility of the content you write, now that simple ARIA labels can be saved in posts and pages.
WordPress 5.0 officially supports the upcoming PHP 7.3 release: if you’re using an older version, we encourage you to upgrade PHP on your site.
Please test your plugins and themes against WordPress 5.0 and update the Tested up to version in the readme to 5.0. If you find compatibility problems, please be sure to post to the support forums so we can figure those out before the final release. An in-depth field guide to developer-focused changes is coming soon on the core development blog. In the meantime, you can review the developer notes for 5.0.