Version 5.3.3

On April 29, 2020, WordPress 5.3.3 was released to the public.

Installation/Update Information

To download WordPress 5.3.3, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

Security updates

Six security issues affect WordPress versions 5.4 and earlier; version 5.4.1 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.

  • Props to Muaz Bin Abdus Sattar and Jannes who both independently reported an issue where password reset tokens were not properly invalidated
  • Props to ka1n4t for finding an issue where certain private posts can be viewed unauthenticated
  • Props to Evan Ricafort for discovering an XSS issue in the Customizer
  • Props to Ben Bidner from the WordPress Security Team who discovered an XSS issue in the search block
  • Props to Nick Daugherty from WPVIP.com / WordPress Security Team who discovered an XSS issue in wp-object-cache
  • Props to Ronnie Goodrich (Kahoots) and Jason Medeiros who independently reported an XSS issue in file uploads.

Maintenance updates

  • #39768 – Incorrect image returned with attachment_url_to_postid()
  • #49013 – Alignment of form controls inside a custom meta box
  • #49018 – Cleanup CSS for .language-chooser large Continue button
  • #49038 – Timezone setting does not display correct time of next DST transition
  • #49048 – Add unit tests for v5.3.1 block serialization functions
  • #49050 – skipOnAutomatedBranches() does not work as expected
  • #49115 – Published on select dropdown has a line height issue in WP Admin
  • #49134 – Missing translation string in media-views.js
  • #49197 – button padding on edit plug and edit theme on mobile device
  • #49476 – Incorrect links to export/delete personal data in emails

List of Files Revised

/wp-includes/blocks/rss.php
/wp-includes/blocks/search.php
/wp-includes/cache.php
/wp-includes/class-wp-customize-manager.php
/wp-includes/class-wp-query.php
/wp-includes/formatting.php
/wp-includes/post.php
/wp-includes/user.php

First published

Last updated