This security and maintenance release features 46 fixes and enhancements. Plus, it adds a number of security fixes—see the list below.
WordPress 5.3.1 is a short-cycle maintenance release. The next major release will be version 5.4.
You can download WordPress 5.3.1 by clicking the button at the top of this page, or visit your Dashboard → Updates and click Update Now.
If you have sites that support automatic background updates, they’ve already started the update process.
Security updates
Four security issues affect WordPress versions 5.3 and earlier; version 5.3.1 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.3, there are also updated versions of 5.2 and earlier that fix the security issues.
Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API.
Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links.
Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content.
Maintenance updates
Here are a few of the highlights:
Administration: improvements to admin form controls height and alignment standardization (see related dev note), dashboard widget links accessibility and alternate color scheme readability issues (see related dev note).
Block editor: fix Edge scrolling issues and intermittent JavaScript issues.
Bundled themes: add customizer option to show/hide author bio, replace JS based smooth scroll with CSS (see related dev note) and fix Instagram embed CSS.
Date/time: improve non-GMT dates calculation, fix date format output in specific languages and make get_permalink() more resilient against PHP timezone changes.
Embeds: remove CollegeHumor oEmbed provider as the service doesn’t exist anymore.
External libraries: update sodium_compat.
Site health: allow the remind interval for the admin email verification to be filtered.
Uploads: avoid thumbnails overwriting other uploads when filename matches, and exclude PNG images from scaling after upload.
Users: ensure administration email verification uses the user’s locale instead of the site locale.
You’ve probably heard that WordPress is open-source software, and may know that it’s created and run by volunteers. WordPress enthusiasts share many examples of how WordPress changed people’s lives for the better. This monthly series shares some of those lesser-known, amazing stories.
Meet Jill Binder
Jill Binder never meant to become an activist. She insists it was an accident.
Despite that, Jill has led the Diversity Outreach Speaker Training working group in the WordPress Community team since 2017. This group is dedicated to increasing the number of women and other underrepresented groups who are stepping up to become speakers at WordPress Meetups, WordCamps, and events.
Jill’s back story
Internship
Jill’s WordPress story begins in 2011, in Vancouver, Canada. Jill secured an internship for her college program, working on a higher education website that was built in WordPress. As a thank you, her practicum advisor bought Jill a ticket to WordCamp Vancouver 2011: Developer’s Edition. After that Jill began freelancing with WordPress as a Solopreneur.
First steps in the WordPress community
The following year her internship advisor, who had become a client, was creating the first ever BuddyCamp for BuddyPress. He asked Jill to be on his organizing team. At that event she also moderated a panel that had Matt Mullenweg on it. Then, Jill was invited to be on the core organizing team for WordCamp Vancouver.
Part of this role meant reviewing and selecting speakers. From 40 speaker applications that could be a fit the team had to pick only 14 to speak.
The diversity challenge when selecting speakers
For anyone who has organized a conference, you know that speaker selection is hard. Of the 40 applications, 7 were from women, and the lead organizer selected 6 of those to be included in the speaker line up.
At this point Jill wasn’t aware that very few women apply to speak at tech conferences and suggested selection should be made on the best fit for the conference. The team shared that not only did they feel the pitches were good and fit the conference, but they also needed to be accepted or the Organizers would be criticized for a lack of diversity.
Selecting women for fear of criticism is embarrassing to admit, but that’s how people felt in 2013.
By the time the event happened, though, the number of women speakers dropped to 4. And with an additional track being added, the number of speakers overall was up to 28. Only 1 speaker in 7 was a woman (or 14%) and attendees did ask questions and even blogged about the lack of representation.
What keeps women from applying?
Later that year at WordCamp San Francisco—the biggest WordCamp at the time (before there was a WordCamp US)—Jill took the opportunity to chat with other organizers about her experience. She found out that many organizers had trouble getting enough women to present.
Surprisingly Vancouver had a high number of women applicants in comparison to others, and the consensus was more would be accepted if only more would apply.
Jill decided that she needed to know why this was happening? Why weren’t there more women applying? She started researching, reading, and talking to people.
Though this issue is complex, two things came up over and over:
“What would I talk about?”
“I’m not an expert on anything. I don’t know enough about anything to give a talk on it.”
A first workshop with encouraging results
Then Jill had an idea. She brought up the issue at an event and someone suggested that they should get women together in a room and brainstorm speaker topics.
So Jill became the lead of a small group creating a workshop in Vancouver: the talented Vanessa Chu, Kate Moore Hermes, and Mandi Wise. In one of the exercises that they created, participants were invited to brainstorm ideas—this proved that they had literally a hundred topic ideas and the biggest problem then became picking just one!
In the first workshop, they focussed on:
Why it matters that women (added later: diverse groups) are in the front of the room
The myths of what it takes to be the speaker at the front of the room (aka beating impostor syndrome)
Different presentation formats, especially story-telling
Finding and refining a topic
Tips to become a better speaker
Leveling up by speaking in front of the group throughout the afternoon
Vancouver Workshop 2014
Leading to workshops across North America and then the world
Other cities across North America heard about the workshop and started hosting them, adding their own material.
Many women who initially joined her workshop wanted help getting even better at public speaking. So Jill’s Vancouver team added in some material created from the other cities and a bit more of their own. Such as:
Coming up with a great title
Writing a pitch that is more likely to get accepted
Writing a bio
Creating an outline
At WordCamp Vancouver 2014—only one year since Jill started—there were 50% women speakers and 3 times the number of women applicants! Not only that, but this WordCamp was a Developer’s Edition, where it’s more challenging to find women developers in general, let alone those who will step up to speak.
More work is needed!
Impressive as those results were, the reason Jill is so passionate about this work is because of what happened next:
Some of the women who attended the workshop stepped up to be leaders in the community and created new content for other women.
A handful of others became WordCamp organizers. One year Vancouver had an almost all-female organizing team – 5 out of 6!
It also influenced local businesses. One local business owner loved what one of the women speakers said so much that he hired her immediately. She was the first woman developer on the team, and soon after she became the Senior Developer.
Diversity touches on many levels
Jill has seen time and again what happens when different people speak at the front of the room. More people feel welcome in the community. The speakers and the new community members bring new ideas and new passions that help to make the technology we are creating more inclusive. And together we generate new ideas that benefit everyone.
This workshop was so successful, with typical results of going from 10% to 40-60% women speakers at WordCamps, that the WordPress Global Community Team asked Jill to promote it and train it for women and all diverse groups around the world. In late 2017, Jill started leading the Diverse Speaker Training group (#wpdiversity).
Dozens of community members across the world have now been trained to lead the workshop. With now dozens of workshops worldwide, for WordPress and other open source software projects as well, there is an increase in speaker diversity.
WordCamp US 2019
As a result of the success, Jill is now sponsored to continue the program. The first sponsor is Automattic. She’s proud of how the diversity represented on the stage adds value not only to the brand but also in the long-term will lead to the creation of a better product. She’s inspired by seeing the communities change as a result of the new voices and new ideas at the WordPress events.
Jill’s leadership in the development and growth of the Diversity Outreach Speaker Training initiative has had a positive, measurable impact on WordPress community events worldwide. When WordPress events are more diverse, the WordPress project gets more diverse — which makes WordPress better for more people.”
Andrea Middleton, Community organizer on the WordPress open source project
This post is based on an article originally published on HeroPress.com, a community initiative created by Topher DeRosia. HeroPress highlights people in the WordPress community who have overcome barriers and whose stories would otherwise go unheard.
Meet more WordPress community members over at HeroPress.com!
Correction: December 7, 2019 The original article mentioned the team Jill lead, but did not mention the team members who joined her. Those have been added. Apologies to Vanessa, Kate, and Mandi. 🙂
November has been a big month in the WordPress community. New releases, big events, and a push for more contributors have characterized the work being done across the project — read on to find out more!
You can read the full details of all the included enhancements in the 5.3 Field Guide.
Along with 5.3 came the new Twenty Twenty theme, which gives users more design flexibility and integrates with the block editor. For more information about the improvements to the block editor, expanded design flexibility, the Twenty Twenty theme, and to see the huge list of amazing contributors who made this release possible, read the full announcement.
bbPress 2.6 was released on November 12 after a little over six years in development. This new release includes per-forum moderation, new platforms to import from, and an extensible engagements API. You can read more about all of this in the bbPress codex.
Version 2.6.1 and 2.6.2 quickly followed, both of which fixed a number of bugs that required immediate attention.
WordCamp US 2019 was held in St. Louis, MO this year on November 1-3. At the event, @matt gave his annual State of the Word address, during which he shared what had been accomplished in the past year, announced what is coming next, and shared several ways to get involved.
During the State of the Word, Matt announced that there is now a dedicated landing page for Five for the Future, which features the people and organizations that commit at least it 5% of their resources to the WordPress open source project. There are many ways to contribute to WordPress, such as core development, marketing, translation, training, and community organizing, among many other important paths to contribution.
Five for the Future welcomes individuals and organizations, and highlights all the incredible ways we build WordPress together. For more information, visit the Five for the Future page.
The Core team has announced a new CSS focus to complement the existing ones for PHP and JavaScript — this focus comes with dedicated tags, targeted work, and a new #core-css Slack channel.
Version 2.2 of the WordPress Coding Standards has been released — this new release is ready for WordPress 5.3, includes five brand new sniffs, and plenty of new command-line documentation.
The latest update to the Theme Review Coding Standards, v0.2.1, is compatible with v2.2 of the WordPress Coding Standards, and helps authors to build more standards-compatible themes.
The WordCamp US team has announced the dates for next year’s event in St. Louis, MO — WordCamp US 2020 will be held on October 27-29. This will be the first time that the event will be held during the week and not on a weekend. The team has also announced a Call for Organizers. If you are interested in joining the team, learn more.
The WP Notify project, which is building a unified notification system for WordPress Core, is on hiatus until January 2020.
A working group on the Community Team has updated their Handbook to help organizers create more diverse events.
The WP-CLI team released v2.4.0 of the WordPress command-line tool. This release includes support for WordPress 5.3 and PHP 7.4.
Gutenberg development continues rapidly with the latest 7.0 release including an early version of the navigation menus block, among other enhancements and fixes.
Have a story that we should include in the next “Month in WordPress” post? Please submit it here.
Late-breaking news on the 5.2.4 short-cycle security release that landed October 14. When we released the news post, I inadvertently missed giving props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where path traversal can lead to remote code execution.
Simon has done a greatdeal of work on the WordPress project, and failing to mention his contributions is a huge oversight on our end.
Thank you to all of the reporters for privately disclosing vulnerabilities, which gave us time to fix them before WordPress sites could be attacked.
Introducing our most refined user experience with the improved block editor in WordPress 5.3! Named “Kirk” in honour of jazz multi-instrumentalist Rahsaan Roland Kirk, the latest and greatest version of WordPress is available for download or update in your dashboard.
5.3 expands and refines the block editor with more intuitive interactions and improved accessibility. New features in the editor increase design freedoms, provide additional layout options and style variations to allow designers more control over the look of a site.
This release also introduces the Twenty Twenty theme giving the user more design flexibility and integration with the block editor. Creating beautiful web pages and advanced layouts has never been easier.
Block Editor Improvements
This enhancement-focused update introduces over 150 new features and usability improvements, including improved large image support for uploading non-optimized, high-resolution pictures taken from your smartphone or other high-quality cameras. Combined with larger default image sizes, pictures always look their best.
Accessibility improvements include the integration of block editor styles in the admin interface. These improved styles fix many accessibility issues: color contrast on form fields and buttons, consistency between editor and admin interfaces, new snackbar notices, standardizing to the default WordPress color scheme, and the introduction of Motion to make interacting with your blocks feel swift and natural.
For people who use a keyboard to navigate the dashboard, the block editor now has a Navigation mode. This lets you jump from block to block without tabbing through every part of the block controls.
Expanded Design Flexibility
WordPress 5.3 adds even more robust tools for creating amazing designs.
The new Group block lets you easily divide your page into colorful sections.
The Columns block now supports fixed column widths.
The new predefined layouts make it a cinch to arrange content into advanced designs.
Heading blocks now offer controls for text and background color.
Additional style options allow you to set your preferred style for any block that supports this feature.
Introducing Twenty Twenty
As the block editor celebrates its first birthday, we are proud that Twenty Twenty is designed with flexibility at its core. Show off your services or products with a combination of columns, groups, and media blocks. Set your content to wide or full alignment for dynamic and engaging layouts. Or let your thoughts be the star with a centered content column!
As befits a theme called Twenty Twenty, clarity and readability is also a big focus. The theme includes the typeface Inter, designed by Rasmus Andersson. Inter comes in a Variable Font version, a first for default themes, which keeps load times short by containing all weights and styles of Inter in just two font files.
Improvements for Everyone
Automatic Image Rotation
Your images will be correctly rotated upon upload according to the embedded orientation data. This feature was first proposed nine years ago and made possible through the perseverance of many dedicated contributors.
Improved Site Health Checks
The improvements introduced in 5.3 make it even easier to identify issues. Expanded recommendations highlight areas that may need troubleshooting on your site from the Health Check screen.
Admin Email Verification
You’ll now be periodically asked to confirm that your admin email address is up to date when you log in as an administrator. This reduces the chance of getting locked out of your site if you change your email address.
For Developers
Date/Time Component Fixes
Developers can now work with dates and timezones in a more reliable way. Date and time functionality has received a number of new API functions for unified timezone retrieval and PHP interoperability, as well as many bug fixes.
PHP 7.4 Compatibility
WordPress 5.3 aims to fully support PHP 7.4. This release contains multiple changes to remove deprecated functionality and ensure compatibility. WordPress continues to encourage all users to run the latest and greatest versions of PHP.
The squad was joined throughout the twelve week release cycle by 645 generous volunteer contributors (our largest group of contributors to date) who collectively fixed 658 bugs.
Put on a Rahsaan Roland Kirk playlist, click that update button (or download it directly), and check the profiles of the fine folks that helped:
Many thanks to all of the community volunteers who contribute in the support forums. They answer questions from people across the world, whether they are using WordPress for the first time or since the first release. These releases are more successful for their efforts!
Finally, thanks to all the community translators who worked on WordPress 5.3. Their efforts bring WordPress fully translated to 47 languages at release time, with more on the way.
You’ve probably heard that WordPress is open-source software, and may know that it’s created and run by volunteers. WordPress enthusiasts share many examples of how WordPress changed people’s lives for the better. This monthly series shares some of those lesser-known, amazing stories.
Meet Kim Parsell
We’d like to introduce you to Kim Parsell. Kim was an active and well-loved member of the WordPress community. Unfortunately, she passed away in 2015. Lovingly referred to as #wpmom, she leaves behind a legacy of service.
Kim Parsell
How Kim became #wpmom
In order to understand how highly valued the WordPress community was to Kim Parsell, you have to know a bit about her environment.
Kim was a middle-aged woman who lived off a dirt road, on top of a hill, in Southern rural Ohio. She was often by herself, taking care of the property with only a few neighbors up and down the road.
She received internet access from towers that broadcast wireless signals, similar to cell phones but at lower speeds.
Connecting through attending live podcast recordings
By listening to the regular podcast, WordPress Weekly, Kim met members of the WordPress community and was able to talk to them on a weekly basis. The show and its after-hours sessions provided Kim a chance to mingle with the who’s who of WordPress at the time. It helped establish long-lasting relationships that would open up future opportunities for her.
Since she lived in a location where few around her used or had even heard of WordPress, the community was an opportunity for her to be with like-minded people. Kim enjoyed interacting with the community, both online and at WordCamp events, and many community members became her second family, a responsibility she took very seriously.
“Many members of the WordPress community became her second family, a responsibility she took very seriously.”
Jeff Chandler
One of the first women of WordPress
Kim is regarded as one of the first “women of WordPress,” investing a lot of her time in women who wanted to break into tech. She worked hard to create a safe environment sharing herself and her knowledge and was affectionately called #wpmom.
She contributed countless hours of volunteer time, receiving “props” for 5 major releases of WordPress, and was active on the documentation team.
“Affectionately called #wpmom, Kim was an investor. She invested countless hours into the WordPress project and in women who wanted to break into tech.”
Carrie Dils
Kim at WordCamp San Francisco
Kim Parsell Memorial Scholarship
In 2014, she received a travel stipend offered by the WordPress Foundation that enabled her to attend the WordPress community summit, held in conjunction with WordCamp San Francisco. She shared with anyone who would listen, that this was a life-changing event for her.
The WordPress Foundation now offers that scholarship in her memory. The Kim Parsell Memorial Scholarship provides funding annually for a woman who contributes to WordPress to attend WordCamp US, a flagship event for the WordPress community.
This scholarship truly is a fitting memorial. Her contributions have been vital to the project. Moreover, the way she treated and encouraged the people around her has been an inspiration to many.
Her spirit lives on in the people she knew and inspired. Here’s hoping that the Kim Parsell Memorial Scholarship will serve to further inspire those who follow in her footsteps.
Drew Jaynes
Kim is missed, but her spirit continues to live on
Sadly Kim died just a few short months later. But her spirit lives on in the people she knew and inspired within her communities. The Kim Parsell Memorial Scholarship will serve to further inspire those who follow in her footsteps.
This post is based on an article originally published on HeroPress.com, a community initiative created by Topher DeRosia. HeroPress highlights people in the WordPress community who have overcome barriers and whose stories would otherwise go unheard.
Meet more WordPress community members over at HeroPress.com!
The fourth release candidate for WordPress 5.3 is now available!
WordPress 5.3 is currently scheduled to be released on November 12 2019, but we need your help to get there—if you haven’t tried 5.3 yet, now is the time!
There are two ways to test the WordPress 5.3 release candidate:
Five bugs in the Block Editor component (see #48502)
Plugin and Theme Developers
Please test your plugins and themes against WordPress 5.3 and update the Tested up to version in the readme to 5.3. If you find compatibility problems, please be sure to post to the support forums so we can figure those out before the final release.
If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.
It’s time for our annual user and developer survey! If you’re a WordPress user or professional, we want your feedback.
It only takes a few minutes to fill out the survey, which will provide an overview of how people use WordPress. We’re excited to announce that this year, for the first time, the survey is also available in 5 additional languages: French, German, Japanese, Russian, and Spanish. Many thanks to the community volunteers who helped with the translation effort!
The survey will be open for 4 weeks, and results will be published on this blog. All data will be anonymized: no email addresses or IP addresses will be associated with published results. To learn more about WordPress.org’s privacy practices, check out the privacy policy.
October has been a busy month with preparations for WordCamp US as well as the next major release of WordPress. Read on to find out about all that work and more.
WordPress 5.2.4
On October 14, WordPress 5.2.4 was released as a security release fixing 6 security issues. The fixes were backported to earlier versions of WordPress as well, so they’re available for sites not yet upgraded to 5.2.
WordPress 5.3 has seen active development over the past month, with a release date set for November 12. You can download and test the release candidate to get a taste of what to expect—this is largely what final release will look like.
Three new committers have been added to the WordPress Core organizational structure. Core committers are individuals who have direct access to the Core development code repositories in order to publish updates to the software.
The new committers are Ian Belanger (@ianbelanger), Timothy Jacobs (@timothyblynjacobs), and Joe Dolson (@joedolson). While Ian’s commit access is specifically for Core themes, both Timothy and Joe have full access to Core. This type of access is only given to individuals who have proved themselves with high-quality contributions and a deep understanding of how the WordPress project works.
The third release candidate for WordPress 5.3 is now available!
WordPress 5.3 is currently scheduled to be released on November 12 2019, but we need your help to get there—if you haven’t tried 5.3 yet, now is the time!
There are two ways to test the WordPress 5.3 release candidate:
For details about what to expect in WordPress 5.3, please see the first and second release candidate posts.
Release Candidate 3 contains improvements to the new About page, bug fixes for the new default theme, Twenty Twenty (see #48450), and 9 fixes for the following bugs and regressions:
Four bugs in the block editor have been fixed (see #48447).
Three Date/Time related bugs have been fixed (see #48384).
A regression in date_i18n() has been fixed (see #28636).
An accessibility color contrast regression for primary buttons when using alternate admin color schemes was fixed (see #48396).
Plugin and Theme Developers
Please test your plugins and themes against WordPress 5.3 and update the Tested up to version in the readme to 5.3. If you find compatibility problems, please be sure to post to the support forums so we can figure those out before the final release.
If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.
