Title: Version 5.5.2
Author: Jb Audras
Published: October 29, 2020

---

# Version 5.5.2

## In this article

 * [Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-5-5-2/?output_format=md#installation-update-information)
 * [Summary](https://wordpress.org/documentation/wordpress-version/version-5-5-2/?output_format=md#summary)
    - [Security updates](https://wordpress.org/documentation/wordpress-version/version-5-5-2/?output_format=md#security-updates)
    - [Maintenance updates](https://wordpress.org/documentation/wordpress-version/version-5-5-2/?output_format=md#maintenance-updates)
 * [List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-5-5-2/?output_format=md#list-of-files-revised)
 * [Updated packages](https://wordpress.org/documentation/wordpress-version/version-5-5-2/?output_format=md#updated-packages)

[ Back to top](https://wordpress.org/documentation/wordpress-version/version-5-5-2/?output_format=md#wp--skip-link--target)

On October 29, 2020, WordPress 5.5.2 was released to the public.

## 󠀁[Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-5-5-2/?output_format=md#installation-update-information)󠁿

To download WordPress 5.5.2, update automatically from the Dashboard > Updates menu
in your site’s admin area or visit [https://wordpress.org/download/release-archive/](https://wordpress.org/download/release-archive/).

For step-by-step instructions on installing and updating WordPress:

 *  [Updating WordPress](https://wordpress.org/documentation/article/updating-wordpress/)

If you are new to WordPress, we recommend that you begin with the following:

 *  [New To WordPress – Where to Start](https://wordpress.org/support/article/new_to_wordpress_-_where_to_start/?output_format=md)
 *  [First Steps With WordPress](https://wordpress.org/support/article/first-steps-with-wordpress/?output_format=md)
   or [Upgrading WordPress Extended](https://wordpress.org/documentation/article/upgrading-wordpress-extended-instructions/)
 *  [WordPress Lessons](https://wordpress.org/support/article/wordpress-lessons/?output_format=md)

## 󠀁[Summary](https://wordpress.org/documentation/wordpress-version/version-5-5-2/?output_format=md#summary)󠁿

### 󠀁[Security updates](https://wordpress.org/documentation/wordpress-version/version-5-5-2/?output_format=md#security-updates)󠁿

Ten security issues affect WordPress versions 5.5 and earlier; version 5.5.2 fixes
them, so you’ll want to upgrade. If you haven’t yet updated to 5.5, there are also
updated versions of 5.4 and earlier that fix the security issues.

 * Props to Alex Concha of the WordPress Security Team for their work in hardening
   deserialization requests.
 * Props to David Binovec on a fix to disable spam embeds from disabled sites on
   a multisite network.
 * Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS
   from global variables.
 * Thanks to Justin Tran who reported an issue surrounding privilege escalation 
   in XML-RPC. He also found and disclosed an issue around privilege escalation 
   around post commenting via XML-RPC.
 * Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE.
 * Thanks to Karim El Ouerghemmi from [RIPS](https://www.ripstech.com/) who disclosed
   a method to store XSS in post slugs.
 * Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a 
   method to bypass protected meta that could lead to arbitrary file deletion.
 * And a special thanks to @zieladam who was integral in many of the releases and
   patches during this release.

### 󠀁[Maintenance updates](https://wordpress.org/documentation/wordpress-version/version-5-5-2/?output_format=md#maintenance-updates)󠁿

WordPress 5.5.2 also fixes some regressions introduced in version 5.5:

 * #51130 – Events displayed in venue timezone instead of user’s
 * #51659 – Update Gutenberg Dependencies for WordPress 5.5.2
 * #50861 – Remove Facebook and Instagram as an oEmbed Source
 * #50903 – Set the local environment to a development environment type by default
 * #50949 – Posts show wrong time when user is in a different time zone than the
   site’s
 * #51053 – Video Embeds set to align left disappear in Gutenberg editor
 * #51175 – Wrong reply box title
 * #51219 – Theme editor page showing undefined variable notice
 * #51251 – Fix PHP notice when opening the edit image popup
 * #51263 – PHP warning when editing comments in the administration comment edit
   screen
 * #51320 – PHP Notice while moving post to trash (post_type has 2 registered taxonomies
   both with default_term set)
 * #51400 – Undefined index during automatic plugin/theme updates
 * #51595 – Unable to make anonymous comments via XML-RPC
 * #51645 – Undefined index: echo in core files

WordPress 5.5.2 was led by [@whyisjake](https://profiles.wordpress.org/whyisjake/)
and the release squad: [@audrasjb](https://profiles.wordpress.org/audrasjb/), [@davidbaumwald](https://profiles.wordpress.org/davidbaumwald/),
[@desrosj](https://profiles.wordpress.org/desrosj/), [@johnbillion](https://profiles.wordpress.org/johnbillion/),
[@metalandcoffee](https://profile.wordpress.org/metalandcoffee), [@noisysocks](https://profiles.wordpress.org/noisysocks/)
[@planningwrite](https://profiles.wordpress.org/planningwrite/), [@sarahricker](https://profiles.wordpress.org/sarahricker/)
and [@sergeybiryukov](https://profiles.wordpress.org/sergeybiryukov/).

**Thank you to everyone who contributed to WordPress 5.5.2:**

[Aaron Jorbin](https://profiles.wordpress.org/jorbin/), [Alex Concha](https://profiles.wordpress.org/xknown/),
[Amit Dudhat](https://profiles.wordpress.org/wpamitkumar/), [Andrey “Rarst” Savchenko](https://profiles.wordpress.org/rarst/),
[Andy Fragen](https://profiles.wordpress.org/afragen/), [Ayesh Karunaratne](https://profiles.wordpress.org/ayeshrajans/),
[bridgetwillard](https://profiles.wordpress.org/bridgetwillard/), [Daniel Richards](https://profiles.wordpress.org/talldanwp/),
[David Baumwald](https://profiles.wordpress.org/davidbaumwald/), [Davis Shaver](https://profiles.wordpress.org/davisshaver/),
[dd32](https://profiles.wordpress.org/dd32/), [Florian TIAR](https://profiles.wordpress.org/mista-flo/),
[Hareesh](https://profiles.wordpress.org/hareesh-pillai/), [Hugh Lashbrooke](https://profiles.wordpress.org/hlashbrooke/),
[Ian Dunn](https://profiles.wordpress.org/iandunn/), [Igor Radovanov](https://profiles.wordpress.org/igorradovanov/),
[Jake Spurlock](https://profiles.wordpress.org/whyisjake/), [Jb Audras](https://profiles.wordpress.org/audrasjb/),
[John Blackbourn](https://profiles.wordpress.org/johnbillion/), [Jonathan Desrosiers](https://profiles.wordpress.org/desrosj/),
[Jon Brown](https://profiles.wordpress.org/jb510/), [Joy](https://profiles.wordpress.org/joyously/),
[Juliette Reinders Folmer](https://profiles.wordpress.org/jrf/), [kellybleck](https://profiles.wordpress.org/kellybleck/),
[mailnew2ster](https://profiles.wordpress.org/mailnew2ster/), [Marcus Kazmierczak](https://profiles.wordpress.org/mkaz/),
[Marius L. J.](https://profiles.wordpress.org/clorith/), [Milan Dinić](https://profiles.wordpress.org/dimadin/),
[Mohammad Jangda](https://profiles.wordpress.org/batmoo/), [Mukesh Panchal](https://profiles.wordpress.org/mukesh27/),
[Paal Joachim Romdahl](https://profiles.wordpress.org/paaljoachim/), [Peter Wilson](https://profiles.wordpress.org/peterwilsoncc/),
[Regan Khadgi](https://profiles.wordpress.org/regankhadgi/), [Robert Anderson](https://profiles.wordpress.org/noisysocks/),
[Sergey Biryukov](https://profiles.wordpress.org/sergeybiryukov/), [Sergey Yakimov](https://profiles.wordpress.org/yakimun/),
[Syed Balkhi](https://profiles.wordpress.org/smub/), [szaqal21](https://profiles.wordpress.org/szaqal21/),
[Tellyworth](https://profiles.wordpress.org/tellyworth/), [Timi Wahalahti](https://profiles.wordpress.org/sippis/),
[Timothy Jacobs](https://profiles.wordpress.org/timothyblynjacobs/), [Towhidul I. Chowdhury](https://profiles.wordpress.org/itowhid06/),
[Vinayak Anivase](https://profiles.wordpress.org/vinayakanivase/), and [zieladam](https://profiles.wordpress.org/zieladam/).

For more information, [browse the full list of changes on Trac](https://core.trac.wordpress.org/query?status=closed&resolution=fixed&milestone=5.5.2&order=priority).

## 󠀁[List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-5-5-2/?output_format=md#list-of-files-revised)󠁿

    ```wp-block-preformatted
    wp-admin/about.php
     wp-admin/admin-header.php
     wp-admin/comment.php
     wp-admin/includes/ajax-actions.php
     wp-admin/includes/class-custom-background.php
     wp-admin/includes/class-custom-image-header.php
     wp-admin/includes/class-wp-automatic-updater.php
     wp-admin/includes/class-wp-community-events.php
     wp-admin/includes/dashboard.php
     wp-admin/includes/media.php
     wp-admin/includes/ms.php
     wp-admin/includes/template.php
     wp-admin/js/custom-background.js
     wp-admin/js/custom-background.min.js
     wp-admin/js/dashboard.js
     wp-admin/js/dashboard.min.js
     wp-admin/js/media-gallery.js
     wp-admin/js/media-gallery.min.js
     wp-admin/media-new.php
     wp-admin/network/site-users.php
     wp-includes/Requests/Utility/FilteredIterator.php
     wp-includes/assets/script-loader-packages.php
     wp-includes/class-wp-oembed.php
     wp-includes/class-wp-xmlrpc-server.php
     wp-includes/comment-template.php
     wp-includes/css/dist/block-editor/style-rtl.css
     wp-includes/css/dist/block-editor/style-rtl.min.css
     wp-includes/css/dist/block-editor/style.css
     wp-includes/css/dist/block-editor/style.min.css
     wp-includes/css/dist/block-library/editor-rtl.css
     wp-includes/css/dist/block-library/editor-rtl.min.css
     wp-includes/css/dist/block-library/editor.css
     wp-includes/css/dist/block-library/editor.min.css
     wp-includes/css/dist/components/style-rtl.css
     wp-includes/css/dist/components/style-rtl.min.css
     wp-includes/css/dist/components/style.css
     wp-includes/css/dist/components/style.min.css
     wp-includes/embed.php
     wp-includes/functions.php
     wp-includes/general-template.php
     wp-includes/images/crystal/license.txt
     wp-includes/js/comment-reply.js
     wp-includes/js/comment-reply.min.js
     wp-includes/js/dist/block-editor.js
     wp-includes/js/dist/block-editor.min.js
     wp-includes/js/dist/block-library.js
     wp-includes/js/dist/block-library.min.js
     wp-includes/js/dist/blocks.js
     wp-includes/js/dist/blocks.min.js
     wp-includes/js/dist/components.js
     wp-includes/js/dist/components.min.js
     wp-includes/js/dist/editor.js
     wp-includes/js/dist/editor.min.js
     wp-includes/meta.php
     wp-includes/post.php
     wp-includes/script-loader.php
     wp-includes/version.php
    ```

## 󠀁[Updated packages](https://wordpress.org/documentation/wordpress-version/version-5-5-2/?output_format=md#updated-packages)󠁿

    ```wp-block-preformatted
     @popperjs/core: 2.5.3
     @wordpress/block-directory: 1.13.8
     @wordpress/block-editor: 4.3.8
     @wordpress/block-library: 2.22.8
     @wordpress/blocks: 6.20.4
     @wordpress/components: 10.0.7
     @wordpress/core-data: 2.20.4
     @wordpress/edit-post: 3.21.8
     @wordpress/editor: 9.20.8
     @wordpress/format-library: 1.22.8
     @wordpress/icons: 2.4.1
     @wordpress/interface: 0.7.7
     @wordpress/list-reusable-blocks: 1.21.7
     @wordpress/nux: 3.20.7
     @wordpress/plugins: 2.20.4
     @wordpress/server-side-render: 1.16.7
     body-scroll-lock: 3.1.5
     compute-scroll-into-view: 1.0.16
     dotenv: 8.2.0
     re-resizable: 6.7.0
     react-easy-crop: 3.2.2
     react-use-gesture: 7.0.16
     simple-html-tokenizer: 0.5.10
     tinycolor2: 1.4.2
     ua-parser-js: 0.7.22
     uc.micro: 1.0.6
    ```

First published

October 29, 2020

Last updated