WordPress 4.4.1 Security and Maintenance Release



I have been putting off upgrading to WordPress 4.4 since it was released almost a month ago. However after being alerted to release of WordPress 4.4.1 which is a security and maintenance release, I knew I couldn’t put the upgrade off any longer.

WordPress 4.4.1 addresses a XSS (cross-site scripting) vulnerability affecting WordPress versions 4.4 and earlier that could allow malicious users to compromise any website running unpatched versions. This particular security vulnerability was reported by Crtc4L, an independent security researcher from the Philippines.

Aside from the vulnerability mentioned above, this release also includes several non-security bug fixes:

  • Emoji support has been updated to include all of the latest emoji characters, including the new diverse emoji! 👍🏿👌🏽👏🏼
  • Some sites with older versions of OpenSSL installed were unable to communicate with other services provided through some plugins.
  • If a post URL was ever re-used, the site could redirect to the wrong post.

Below are the other 52 bugs fixed from the previous version – WordPress 4.4 as listed in the release notes:

Administration

  • 34987 “Configure” link for dashboard widgets no longer displayed.
  • 35047 Notices are not moved to first header when header-elements are nested inside .wrap
  • 35057 bug in new default_hidden_columns filter
  • 35112 Screen Options in Appearance -> Menu not saved correctly sometimes

Bootstrap/Load

  • 34967 SHORTINIT and date_i18n: Call to undefined function _x()
  • 35013 WP4.4 function handle_404 yelds a fatal error on line 613 when trying to clone $wp_query->post if it’s not an object

Build/Test tools

  • 30787 Shrinkwrap NPM dependencies

Bundled Theme

  • 35270 Bump twentysixteen for 4.4.1

Canonical

  • 34890 Canonical meta tag for paginated posts incorrect with ugly permalinks

Comments

  • 34946 new comment redirects break anchors in Safari
  • 34997 preprocess_comment filter does not contain old user_ID field for user_id, instead it has new user_id field
  • 35006 Comments sent immediately to Trash for matching keyword blacklist should not generate email notifications
  • 35025 Performance regression in comments_template in 4.4
  • 35068 Comments not showing up when there are unapproved messages
  • 35175 Page parameter no longer works in wp_list_comments

Customize

  • 35081 Missing Change Theme button when there are only two themes available

Embeds

  • 35152 Remove Rdio embed support
  • 35194 Remove embed discovery tags from HTML header of static home pages
  • 35237 Invalid argument supplied for foreach() in /wp-includes/embed-template.php on line 54

Emoji

  • 33592 Unicode 8.0 Emoji

External Libraries

  • 34948 Update random_compat for “Don’t instantiate COM if it’s a disabled class”

Filesystem API

  • 34976 Plug ins fail to update after WP 4.4 installed

Formatting

  • 35008 Ampersands in URLs are no longer converted to entities
  • 35058 PHP Fatal when map_deep tries to work on an object that has a property by reference

HTTP API

  • 34935 Removed SSL certificates causing errors in WP 4.4

Help/About

  • 35215 Setting help tab priorities fails to correctly order the tabs

Login/Registration

  • 34925 4.4 wp-login.php: no longer possible to use the login_post scheme
  • 35103 login_url Filter is now applied to Login Form Action Attribute

Mail

  • 35212 Update PHPMailer to 5.2.14

Media

  • 35045 Responsive images not added when effective scheme differs from image src scheme
  • 35101 image_default_link_type option not being respected
  • 35102 Responsive images support for external URLs
  • 35106 Responsive images break uploads with full path stored in metadata
  • 35108 Responsive images blurry — srcset attribute doesn’t include full size version
  • 35153 Default link target for media files is none

Menus

  • 34446 WordPress Notice after add support for post type archives in menu
  • 34449 Remove CPT if exists menu item
  • 35107 wp_nav_menu outputs tags without line breaks in 4.4, causes strange bug with justified text

Permalinks

  • 35084 check for post status in get_page_uri causes issues with permalinks

Query

  • 35031 wp_old_slug_redirect() in 4.4 redirecting existing posts
  • 35115 404 error when URL includes title=…

Shortcodes

  • 34939 Shortcode regex no longer matches [shortcode=XXX]

Taxonomy

  • 34723 Warning in get_the_terms() because of non-array
  • 35089 Query var on non-public taxonomy remains boolean true since [35333]
  • 35137 get_terms() with a meta_query filter returns duplicated terms
  • 35156 wp_list_categories() does not accept comma-separated IDs for exclude_tree parameter
  • 35180 In WordPress 4.4 the_tags() is displaying tags ordered by ID instead of alphabetically by name

Themes

  • 34962 Issues with wp_get_document_title function causing problems with document titles

Users

  • 34993 Deleting a user no longer asks what to do with their content

Widgets

  • 34978 Extra quotes in title in WP_Widget_RSS class, widget method
  • 34995 WP_Widget::widget not called

XML-RPC

  • 35053 XML-RPC when post with date_created_gmt, its post_date will gmt date not local date
  • 35185 Unable to create Post via XMLRPC after upgrading to 4.4

If you would like update your WordPress installation to WordPress 4.4.1, login to your admin dashboard and go to Dashboard > Updates and click on Update Now. You can also upgrade manually by downloading WordPress 4.4.1 from the official site and uploading it via FTP. Sites that have the automatic background updates enabled, don’t have to do anything because the software will do it for you automatically.

As a safety measure, make sure that you backup your WordPress database as well as other important files such as the wp-config.php file, .htaccess file, wp-content folder and other custom files. Another thing you can do to prevent any conflicts or issues is to deactivate all active plugins.

Anyone else upgraded or plan to upgrade to WordPress 4.4.1? Did you encounter any issues or conflicts during or after the upgrade? Please share your thoughts by leaving a comment below.

Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Google+, Facebook or Twitter.

Leave a Reply

Your email address will not be published. Required fields are marked *