On October 29, 2020, WordPress 5.5.2 was released to the public.
Installation/Update Information
To download WordPress 5.5.2, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://help.codibu.com/blog/kb/releases/.
For step-by-step instructions on installing and updating WordPress:
If you are new to WordPress, we recommend that you begin with the following:
- New To WordPress – Where to Start
- First Steps With WordPress or Upgrading WordPress Extended
- WordPress Lessons
Summary
Security updates
Ten security issues affect WordPress versions 5.5 and earlier; version 5.5.2 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.5, there are also updated versions of 5.4 and earlier that fix the security issues.
- Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests.
- Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network.
- Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables.
- Thanks to Justin Tran, who reported a privilege escalation issue in XML-RPC. He also found and disclosed a privilege escalation issue in post commenting via XML-RPC.
- Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE.
- Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs.
- Thanks to Slavco for reporting, and Karim El Ouerghemmi for confirming, a method to bypass protected meta that could lead to arbitrary file deletion.
- And a special thanks to @zieladam who was integral in many of the releases and patches during this release.
Maintenance updates
WordPress 5.5.2 also fixes some regressions introduced in version 5.5:
- #51130 – Events displayed in venue timezone instead of user’s
- #51659 – Update Gutenberg Dependencies for WordPress 5.5.2
- #50861 – Remove Facebook and Instagram as an oEmbed Source
- #50903 – Set the local environment to a development environment type by default
- #50949 – Posts show wrong time when user is in a different time zone than the site’s
- #51053 – Video Embeds set to align left disappear in Gutenberg editor
- #51175 – Wrong reply box title
- #51219 – Theme editor page showing undefined variable notice
- #51251 – Fix PHP notice when opening the edit image popup
- #51263 – PHP warning when editing comments in the administration comment edit screen
- #51320 – PHP Notice while moving post to trash (post_type has 2 registered taxonomies both with default_term set)
- #51400 – Undefined index during automatic plugin/theme updates
- #51595 – Unable to make anonymous comments via XML-RPC
- #51645 – Undefined index: echo in core files
List of Files Revised
- wp-admin/about.php
- wp-admin/admin-header.php
- wp-admin/comment.php
- wp-admin/includes/ajax-actions.php
- wp-admin/includes/class-custom-background.php
- wp-admin/includes/class-custom-image-header.php
- wp-admin/includes/class-wp-automatic-updater.php
- wp-admin/includes/class-wp-community-events.php
- wp-admin/includes/dashboard.php
- wp-admin/includes/media.php
- wp-admin/includes/ms.php
- wp-admin/includes/template.php
- wp-admin/js/custom-background.js
- wp-admin/js/custom-background.min.js
- wp-admin/js/dashboard.js
- wp-admin/js/dashboard.min.js
- wp-admin/js/media-gallery.js
- wp-admin/js/media-gallery.min.js
- wp-admin/media-new.php
- wp-admin/network/site-users.php
- wp-includes/Requests/Utility/FilteredIterator.php
- wp-includes/assets/script-loader-packages.php
- wp-includes/class-wp-oembed.php
- wp-includes/class-wp-xmlrpc-server.php
- wp-includes/comment-template.php
- wp-includes/css/dist/block-editor/style-rtl.css
- wp-includes/css/dist/block-editor/style-rtl.min.css
- wp-includes/css/dist/block-editor/style.css
- wp-includes/css/dist/block-editor/style.min.css
- wp-includes/css/dist/block-library/editor-rtl.css
- wp-includes/css/dist/block-library/editor-rtl.min.css
- wp-includes/css/dist/block-library/editor.css
- wp-includes/css/dist/block-library/editor.min.css
- wp-includes/css/dist/components/style-rtl.css
- wp-includes/css/dist/components/style-rtl.min.css
- wp-includes/css/dist/components/style.css
- wp-includes/css/dist/components/style.min.css
- wp-includes/embed.php
- wp-includes/functions.php
- wp-includes/general-template.php
- wp-includes/images/crystal/license.txt
- wp-includes/js/comment-reply.js
- wp-includes/js/comment-reply.min.js
- wp-includes/js/dist/block-editor.js
- wp-includes/js/dist/block-editor.min.js
- wp-includes/js/dist/block-library.js
- wp-includes/js/dist/block-library.min.js
- wp-includes/js/dist/blocks.js
- wp-includes/js/dist/blocks.min.js
- wp-includes/js/dist/components.js
- wp-includes/js/dist/components.min.js
- wp-includes/js/dist/editor.js
- wp-includes/js/dist/editor.min.js
- wp-includes/meta.php
- wp-includes/post.php
- wp-includes/script-loader.php
- wp-includes/version.php
Updated packages
- @popperjs/core: 2.5.3
- @wordpress/block-directory: 1.13.8
- @wordpress/block-editor: 4.3.8
- @wordpress/block-library: 2.22.8
- @wordpress/blocks: 6.20.4
- @wordpress/components: 10.0.7
- @wordpress/core-data: 2.20.4
- @wordpress/edit-post: 3.21.8
- @wordpress/editor: 9.20.8
- @wordpress/format-library: 1.22.8
- @wordpress/icons: 2.4.1
- @wordpress/interface: 0.7.7
- @wordpress/list-reusable-blocks: 1.21.7
- @wordpress/nux: 3.20.7
- @wordpress/plugins: 2.20.4
- @wordpress/server-side-render: 1.16.7
- body-scroll-lock: 3.1.5
- compute-scroll-into-view: 1.0.16
- dotenv: 8.2.0
- re-resizable: 6.7.0
- react-easy-crop: 3.2.2
- react-use-gesture: 7.0.16
- simple-html-tokenizer: 0.5.10
- tinycolor2: 1.4.2
- ua-parser-js: 0.7.22
- uc.micro: 1.0.6