WordPress 5.3.1 Security and Maintenance Release
WordPress 5.3.1 is now available! This security and maintenance release features 46 fixes and enhancements. Plus, it adds a number of security fixes—see the list below.
WordPress 5.3.1 is a short-cycle maintenance release. The next major release will be version 5.4.
You can download WordPress 5.3.1 by clicking this link, or visit your WordPress website's Dashboard → Updates and click Update Now.
If you have sites that support automatic background updates, they’ve already started the update process.
Four security issues affect WordPress versions 5.3 and earlier; version 5.3.1 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.3, there are also updated versions of 5.2 and earlier that fix the security issues:
- An issue where an unprivileged user could make a post sticky via the REST API.
- An issue where cross-site scripting (XSS) could be stored in well-crafted links.
wp_kses_bad_protocol()is ensured to be aware of the named colon attribute.
- A stored XSS vulnerability using block editor content.
Here are a few of the highlights:
- Administration: improvements to admin form controls height and alignment standardization (see related dev note), dashboard widget links accessibility and alternate color scheme readability issues (see related dev note).
- Bundled themes: add customizer option to show/hide author bio, replace JS based smooth scroll with CSS (see related dev note) and fix Instagram embed CSS.
- Date/time: improve non-GMT dates calculation, fix date format output in specific languages and make get_permalink() more resilient against PHP timezone changes.
- Embeds: remove CollegeHumor oEmbed provider as the service doesn’t exist anymore.
- External libraries: update sodium_compat.
- Site health: allow the remind interval for the admin email verification to be filtered.
- Uploads: avoid thumbnails overwriting other uploads when filename matches, and exclude PNG images from scaling after upload.
- Users: ensure administration email verification uses the user’s locale instead of the site locale.
- For more information, browse the full list of changes on Trac or check out the version 5.3.1 HelpHub documentation page.