WordPress 5.3.1 – Security and Maintenance Update

WordPress 5.3.1 was released on 12 December and comes with plenty of bug fixes, enhancements, and security fixes.

Version 5.3.1 is mainly focused on security and maintenance features: around 46 bug fixes and enhancements are addressed in this release.

In most cases, whenever a new WordPress version is rolled out, users waste no time in updating their current version to avoid security threats. I’d personally suggest that you update your current version to WordPress 5.3.1 because the bugs squashed in new updates can make your website more vulnerable and an easy target for hackers.

To download WordPress 5.3.1, go to Dashboard > Updates and click Update Now. But If automatic updates are enabled on your WordPress, then this version will be already installed on your site.

Security Fixes

WordPress 5.3.1 addressed 4 security fixes and all the security vulnerabilities that were reported by the WordPress community.

Earlier versions of WordPress, from 3.7 to 5.3, all are affected by the following bugs that have been squashed in the new release:

1. Any user with false access permission could make a post sticky via the REST API.
2. An issue where cross-site scripting (XSS) could be stored in different links.
3. Hardened wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
4. An issue with a stored XSS vulnerability where it’s using block editor content.

Maintenance Updates

There are numerous maintenance bugs in this version but I’ve highlighted some of the important issues like:

1. The older versions had unstable form controls but version 5.3.1 introduced some remarkable CSS changes and some administration-level improvements. Core developers removed several top/bottom margin and padding and added standardize height for all control forms.
2. The alternate color scheme readability issues.
3. Issues with the block editor like fix Edge scrolling issues and intermittent JavaScript issues.
4. Twenty-Twenty theme: add customizer option to show/hide author bio, replace smooth scroll with CSS and fix Instagram embed CSS.
5. Date/time: improve non-GMT dates calculation, fix date format output in specific languages and make get_permalink() more resilient against PHP timezone changes.

List of File Revised

src/js/_enqueues/lib/admin-bar.js

src/js/_enqueues/wp/widgets/media.js

src/js/media/views/settings.js

src/wp-admin/css/about.css

src/wp-admin/css/color-picker.css

src/wp-admin/css/colors/_admin.scss

src/wp-admin/css/colors/_mixins.scss

src/wp-admin/css/colors/_variables.scss

src/wp-admin/css/common.css

src/wp-admin/css/customize-controls.css

src/wp-admin/css/dashboard.css

src/wp-admin/css/edit.css

src/wp-admin/css/forms.css

And many more

List of Updated Packages

@wordpress/block-editor@3.2.5

@wordpress/block-library@2.9.6

@wordpress/core-data@2.7.5

@wordpress/edit-post@3.8.6

@wordpress/editor@9.7.6

@wordpress/format-library@1.9.5

jquery-hoverintent@1.8.3

hoverintent@2.2.1

You can check out on their official release page where you will find the full documentation of enhancements, bug fixes, and more information.

Do you have any questions? Ping me at farhan@app61.cloudwayssites.com!