On September 8, 2021, WordPress 5.8.1 was released to the public.
To get this version, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.
For step-by-step instructions on installing and updating WordPress:
If you are new to WordPress, we recommend that you begin with the following:
- New To WordPress – Where to Start
- First Steps With WordPress or Upgrading WordPress Extended
- WordPress Lessons
3 security issues affects WordPress versions between 5.4 and 5.8. If you haven’t yet updated to 5.8, all WordPress versions since 5.4 have also been updated to fix the following security issues:
- Props @mdawaffe, member of the WordPress Security Team for their work fixing a data exposure vulnerability within the REST API.
- Props to Michał Bentkowski of Securitum for reporting a XSS vulnerability in the block editor.
- The Lodash library has been updated to version 4.17.21 in each branch to incorporate upstream security fixes.
In addition to these issues, the security team would like to thank the following people for reporting vulnerabilities during the WordPress 5.8 beta testing period, allowing them to be fixed prior to release:
- Props Evan Ricafort for reporting a XSS vulnerability in the block editor discovered during the 5.8 release’s beta period.
- Props Steve Henty for reporting a privilege escalation issue in the block editor.
Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked.
WordPress 5.8.1 Release Candidate 1 features 41 bug fixes on Core, as well as 20 bug fixes for the Block Editor.
The following core tickets from Trac are fixed:
- #52818 – Ordering metaboxes broken in WP 5.7
- #53556 – Add a new template-editing tag to the Theme API
- #53562 – Widgets Editor in Customizer doesn’t load with E2E tests + 0ms Animations
- #53609 – Responsive widget block embeds not showing in the customizer
- #53616 – Registered block styles should only be rendered when the block exists on a page
- #53641 – Can not configure image widget (and others) in widget accessability mode
- #53654 – Menus: Hide bulk-select options when no menus exist
- #53667 – Support
wp_editor_set_qualityfor both loaded and saved
- #53668 – Generated images for one file can be overwritten by another with the same name when mapping mime types for generated images
- #53679 – The media library looks broken on mobile
- #53680 – Correct inline documentation about
- #53696 – wp_add_iframed_editor_assets_html() not checking for block editor
- #53697 – Possible Regression – Border settings not displaying for Button Block
- #53702 – Four css files removed between 5.7.x and 5.8 were not included in $_old_files
- #53713 – Bounce underscore.js version in script-loader
- #53714 – Bounce jquery.form.js version in script-loader
- #53715 – Bounce hoverIntent.js version in script-loader
- #53716 – The “/” missing at the end of image tag
- #53719 –
grunt clean:cssdoes not clean the
- #53738 – Broken loop in WP_Theme_JSON_Resolver
- #53752 – Twenty Ten: Block patterns file causes error in child themes
- #53757 – Widget editor calls get_block_categories() with incorrect arg type
- #53769 – Bundled themes: block-patterns.php file should use
- #53773 – /wp-admin/includes/ajax-actions.php file line 3006 is creating divide by zero error
- #53777 – Bump bundled theme versions for
- #53799 – Remove version-controlled files check from Test Old Branches workflow
- #53803 – Customizer: Radio button on background image position selector visible on focus
- #53820 – Build doesn’t support Docker Compose V2
- #53827 – Increase number of media items displayed when clicking button to “Load More”
- #53830 – Default filters try to create nonce during installation before options table exists
- #53833 – ‘Replace image’ Media Modal is missing select fields under filter media due to css issues
- #53877 – Menus: Selected display locations for new menus aren’t saved
- #53898 – Duplicated 404 templates in the TemplatePanel
- #53922 – Docblock in get_block_editor_settings function
- #53932 – Media grid view doesn’t show all media elements
- #53936 – Output of serialize_block_attributes does not match equivalent Gutenberg function
- #53955 – Fix and improve the docs for the image_editor_output_format filter
- #54030 – Pressing esc in Widgets Editor closes panel in customizer
- #54036 – PclZip throwing errors on PHP 8 – previously merged patch is incomplete
- #54052 – Block editor package updates for 5.8.1
For more information, browse the full list of changes on Trac.
Fixed Block editor issues from GitHub:
- PR33384 – Fix API docs for data reference guides
- PR33381 – Docs: use markdown headings instead of links for API declarations
- PR33498 – Docs: Run Prettier after updating API in documentation
- PR33549 – Use tabs instead of spaces in block transform doc example
- PR30617 – Fix metabox reordering
- PR32083 – Block editor: move layout styles to document head (instead of rendering inline)
- PR33814 – Widgets: Allow HTML tags in description
- PR33457 – Editor: Set ‘hide_empty’ for the most used terms query
- PR33482 – Update widget editor help links to point to the new support article
- PR33621 – Fixed that the block is selected instead of the title when using the select all shortcut.
- PR33699 – Writing flow: select all: remove early return for post title
- PR33618 – Call onChangeSectionExpanded conditionally
- PR33679 – FontSizePicker: Use number values when the initial value is a number
- PR33739 – Fix justification for button block when selected
- PR33771 – Add error boundaries to widget screens
- PR33802 – Fix insertion point in Widgets editors
- PR34280 – Default batch processor: Respect the batch endpoint’s maxItems
- PR34314 – Fix button block focus trap after a URL has been added
- PR34076 – Text for dropdown fields within legacy widgets in the Customizer is off centered
- PR32935 – Add a SearchControl component and reuse accross the UI(class change in tests)
Thanks and props!
The 5.8.1 release was led by Jonathan Desrosiers and Evan Mullins.
In addition to the security researchers and release squad members mentioned above, thank you to everyone who helped make WordPress 5.8.1 happen:
2linctools, Adam Zielinski, Alain Schlesser, Alex Lende, alexstine, AlGala, André, Andrei Draganescu, Andrew Ozz, Ankit Panchal, Anthony Burchell, Anton Vlasenko, Ari Stathopoulos, Bruno Ribaric, Carolina Nymark, Daisy Olsen, Daniel Richards, Daria, David Anderson, David Biňovec, David Herrera, Dominik Schilling, Ella van Durpe, Enchiridion, Evan Mullins, Gary Jones, George Mamadashvili, Greg Ziółkowski, Héctor Prieto, ianmjones, Jb Audras, Jeff Bowen, Joe Dolson, Joen A., John Blackbourn, Jonathan Desrosiers, JuanMa Garrido, Juliette Reinders Folmer, Kai Hao, Kapil Paul, Kerry Liu, Kevin Fodness, Marcus Kazmierczak, Mark-k, Matt, Michael Adams (mdawaffe), Mike Schroder, moch11, Mukesh Panchal, Nik Tsekouras, Paal Joachim Romdahl, Pascal Birchler, Paul Bearne, Paul Biron, Peter Wilson, Petter Walbø Johnsgård, Radixweb, Rahul Mehta, ramonopoly, ravipatel, Riad Benguella, Robert Anderson, Rodrigo Arias, Sanket Chodavadiya, Sergey Biryukov, Stephen Bernhardt, Stephen Edgar, Steve Henty, terraling, Timothy Jacobs, tmatsuur, TobiasBg, Tonya Mork, Toro_Unit (Hiroshi Urabe), Vlad T, wb1234, and WFMattR.
List of Files Revised
license.txt wp-admin/about.php wp-admin/customize.php wp-admin/edit-form-blocks.php wp-admin/includes/ajax-actions.php wp-admin/includes/class-custom-background.php wp-admin/includes/class-pclzip.php wp-admin/includes/theme.php wp-admin/includes/update-core.php wp-admin/js/customize-controls.js wp-admin/js/customize-controls.min.js wp-admin/js/editor-expand.js wp-admin/js/editor-expand.min.js wp-admin/js/editor.js wp-admin/js/editor.min.js wp-admin/js/widgets/custom-html-widgets.js wp-admin/js/widgets/custom-html-widgets.min.js wp-admin/js/widgets/media-widgets.js wp-admin/js/widgets/media-widgets.min.js wp-admin/nav-menus.php wp-admin/widgets-form-blocks.php wp-includes/assets/script-loader-packages.php wp-includes/block-editor.php wp-includes/blocks.php wp-includes/class-wp-customize-widgets.php wp-includes/class-wp-editor.php wp-includes/class-wp-image-editor.php wp-includes/class-wp-theme-json-resolver.php wp-includes/class-wp-theme-json.php wp-includes/compat.php wp-includes/css/dist/block-editor/style-rtl.css wp-includes/css/dist/block-editor/style-rtl.min.css wp-includes/css/dist/block-editor/style.css wp-includes/css/dist/block-editor/style.min.css wp-includes/css/dist/edit-widgets/style-rtl.css wp-includes/css/dist/edit-widgets/style-rtl.min.css wp-includes/css/dist/edit-widgets/style.css wp-includes/css/dist/edit-widgets/style.min.css wp-includes/css/dist/widgets/style-rtl.css wp-includes/css/dist/widgets/style-rtl.min.css wp-includes/css/dist/widgets/style.css wp-includes/css/dist/widgets/style.min.css wp-includes/css/media-views-rtl.css wp-includes/css/media-views-rtl.min.css wp-includes/css/media-views.css wp-includes/css/media-views.min.css wp-includes/customize/class-wp-customize-background-position-control.php wp-includes/functions.php wp-includes/general-template.php wp-includes/images/crystal/license.txt wp-includes/js/dist/block-editor.js wp-includes/js/dist/block-editor.min.js wp-includes/js/dist/block-library.js wp-includes/js/dist/block-library.min.js wp-includes/js/dist/components.js wp-includes/js/dist/components.min.js wp-includes/js/dist/core-data.js wp-includes/js/dist/core-data.min.js wp-includes/js/dist/customize-widgets.js wp-includes/js/dist/customize-widgets.min.js wp-includes/js/dist/data.js wp-includes/js/dist/edit-post.js wp-includes/js/dist/edit-post.min.js wp-includes/js/dist/edit-widgets.js wp-includes/js/dist/edit-widgets.min.js wp-includes/js/dist/editor.js wp-includes/js/dist/editor.min.js wp-includes/js/media-models.js wp-includes/js/media-models.min.js wp-includes/js/quicktags.js wp-includes/js/quicktags.min.js wp-includes/js/tinymce/plugins/wordpress/plugin.js wp-includes/js/tinymce/plugins/wordpress/plugin.min.js wp-includes/js/tinymce/wp-tinymce.js wp-includes/script-loader.php wp-includes/theme.json wp-includes/version.php