{"id":13594046,"date":"2020-10-29T20:37:48","date_gmt":"2020-10-29T20:37:48","guid":{"rendered":"https:\/\/wordpress.org\/support\/?post_type=helphub_version&amp;p=13594046"},"modified":"2020-10-29T20:37:48","modified_gmt":"2020-10-29T20:37:48","slug":"version-5-5-2","status":"publish","type":"helphub_version","link":"https:\/\/wordpress.org\/documentation\/wordpress-version\/version-5-5-2\/","title":{"rendered":"Version 5.5.2"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">On October 29, 2020, WordPress 5.5.2 was released to the public. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Installation\/Update Information<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">To download WordPress 5.5.2, update automatically from the Dashboard &gt; Updates menu in your site&#8217;s admin area or visit <a href=\"https:\/\/wordpress.org\/download\/release-archive\/\">https:\/\/wordpress.org\/download\/release-archive\/<\/a>. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For step-by-step instructions on installing and updating WordPress:\n<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li> <a href=\"https:\/\/wordpress.org\/documentation\/article\/updating-wordpress\/\">Updating WordPress<\/a><\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">If you are new to WordPress, we recommend that you begin with the following:\n<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li> <a href=\"\/support\/article\/new_to_wordpress_-_where_to_start\/\">New To WordPress &#8211; Where to Start<\/a><\/li><li> <a href=\"\/support\/article\/first-steps-with-wordpress\/\">First Steps With WordPress<\/a> or <a href=\"https:\/\/wordpress.org\/documentation\/article\/upgrading-wordpress-extended-instructions\/\">Upgrading WordPress Extended<\/a><\/li><li> <a href=\"\/support\/article\/wordpress-lessons\/\">WordPress Lessons<\/a><\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Summary<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Security updates<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Ten security issues affect WordPress versions 5.5 and earlier; version 5.5.2 fixes them, so you\u2019ll want to upgrade. If you haven\u2019t yet updated to 5.5, there are also updated versions of 5.4 and earlier that fix the security issues.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests.<\/li><li>Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network.<\/li><li>Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables.<\/li><li>Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC.<\/li><li>Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE.<\/li><li>Thanks to Karim El Ouerghemmi from&nbsp;<a href=\"https:\/\/www.ripstech.com\/\">RIPS<\/a>&nbsp;who disclosed a method to store XSS in post slugs.<\/li><li>Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a method to bypass protected meta that could lead to arbitrary file deletion.<\/li><li>And a special thanks to @zieladam who was integral in many of the releases and patches during this release.<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Maintenance updates<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">WordPress 5.5.2 also fixes some regressions introduced in version 5.5:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>#51130 \u2013 Events displayed in venue timezone instead of user&#8217;s<\/li><li>#51659 \u2013 Update Gutenberg Dependencies for WordPress 5.5.2<\/li><li>#50861 \u2013 Remove Facebook and Instagram as an oEmbed Source<\/li><li>#50903 \u2013 Set the local environment to a development environment type by default<\/li><li>#50949 \u2013 Posts show wrong time when user is in a different time zone than the site&#8217;s<\/li><li>#51053 \u2013 Video Embeds set to align left disappear in Gutenberg editor<\/li><li>#51175 \u2013 Wrong reply box title<\/li><li>#51219 \u2013 Theme editor page showing undefined variable notice<\/li><li>#51251 \u2013 Fix PHP notice when opening the edit image popup<\/li><li>#51263 \u2013 PHP warning when editing comments in the administration comment edit screen<\/li><li>#51320 \u2013 PHP Notice while moving post to trash (post_type has 2 registered taxonomies both with default_term set)<\/li><li>#51400 \u2013 Undefined index during automatic plugin\/theme updates<\/li><li>#51595 \u2013 Unable to make anonymous comments via XML-RPC<\/li><li>#51645 \u2013 Undefined index: echo in core files<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">WordPress 5.5.2 was led by <a href=\"https:\/\/profiles.wordpress.org\/whyisjake\/\">@whyisjake<\/a> and the release squad:&nbsp;<a href=\"https:\/\/profiles.wordpress.org\/audrasjb\/\">@audrasjb<\/a>,&nbsp;<a href=\"https:\/\/profiles.wordpress.org\/davidbaumwald\/\">@davidbaumwald<\/a>,&nbsp;<a href=\"https:\/\/profiles.wordpress.org\/desrosj\/\">@desrosj<\/a>,&nbsp;<a href=\"https:\/\/profiles.wordpress.org\/johnbillion\/\">@johnbillion<\/a>, <a href=\"https:\/\/profile.wordpress.org\/metalandcoffee\">@metalandcoffee<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/noisysocks\/\">@noisysocks<\/a>&nbsp;<a href=\"https:\/\/profiles.wordpress.org\/planningwrite\/\">@planningwrite<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/sarahricker\/\">@sarahricker<\/a> and&nbsp;<a href=\"https:\/\/profiles.wordpress.org\/sergeybiryukov\/\">@sergeybiryukov<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Thank you to everyone who contributed to WordPress 5.5.2:<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/profiles.wordpress.org\/jorbin\/\">Aaron Jorbin<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/xknown\/\">Alex Concha<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/wpamitkumar\/\">Amit Dudhat<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/rarst\/\">Andrey &#8220;Rarst&#8221; Savchenko<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/afragen\/\">Andy Fragen<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/ayeshrajans\/\">Ayesh Karunaratne<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/bridgetwillard\/\">bridgetwillard<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/talldanwp\/\">Daniel Richards<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/davidbaumwald\/\">David Baumwald<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/davisshaver\/\">Davis Shaver<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/dd32\/\">dd32<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/mista-flo\/\">Florian TIAR<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/hareesh-pillai\/\">Hareesh<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/hlashbrooke\/\">Hugh Lashbrooke<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/iandunn\/\">Ian Dunn<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/igorradovanov\/\">Igor Radovanov<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/whyisjake\/\">Jake Spurlock<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/audrasjb\/\">Jb Audras<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/johnbillion\/\">John Blackbourn<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/desrosj\/\">Jonathan Desrosiers<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/jb510\/\">Jon Brown<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/joyously\/\">Joy<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/jrf\/\">Juliette Reinders Folmer<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/kellybleck\/\">kellybleck<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/mailnew2ster\/\">mailnew2ster<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/mkaz\/\">Marcus Kazmierczak<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/clorith\/\">Marius L. J.<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/dimadin\/\">Milan Dini\u0107<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/batmoo\/\">Mohammad Jangda<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/mukesh27\/\">Mukesh Panchal<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/paaljoachim\/\">Paal Joachim Romdahl<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/peterwilsoncc\/\">Peter Wilson<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/regankhadgi\/\">Regan Khadgi<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/noisysocks\/\">Robert Anderson<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/sergeybiryukov\/\">Sergey Biryukov<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/yakimun\/\">Sergey Yakimov<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/smub\/\">Syed Balkhi<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/szaqal21\/\">szaqal21<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/tellyworth\/\">Tellyworth<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/sippis\/\">Timi Wahalahti<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/timothyblynjacobs\/\">Timothy Jacobs<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/itowhid06\/\">Towhidul I. Chowdhury<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/vinayakanivase\/\">Vinayak Anivase<\/a>, and <a href=\"https:\/\/profiles.wordpress.org\/zieladam\/\">zieladam<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For more information,&nbsp;<a href=\"https:\/\/core.trac.wordpress.org\/query?status=closed&amp;resolution=fixed&amp;milestone=5.5.2&amp;order=priority\">browse the full list of changes on Trac<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">List of Files Revised<\/h2>\n\n\n\n<pre class=\"wp-block-preformatted\">wp-admin\/about.php\n wp-admin\/admin-header.php\n wp-admin\/comment.php\n wp-admin\/includes\/ajax-actions.php\n wp-admin\/includes\/class-custom-background.php\n wp-admin\/includes\/class-custom-image-header.php\n wp-admin\/includes\/class-wp-automatic-updater.php\n wp-admin\/includes\/class-wp-community-events.php\n wp-admin\/includes\/dashboard.php\n wp-admin\/includes\/media.php\n wp-admin\/includes\/ms.php\n wp-admin\/includes\/template.php\n wp-admin\/js\/custom-background.js\n wp-admin\/js\/custom-background.min.js\n wp-admin\/js\/dashboard.js\n wp-admin\/js\/dashboard.min.js\n wp-admin\/js\/media-gallery.js\n wp-admin\/js\/media-gallery.min.js\n wp-admin\/media-new.php\n wp-admin\/network\/site-users.php\n wp-includes\/Requests\/Utility\/FilteredIterator.php\n wp-includes\/assets\/script-loader-packages.php\n wp-includes\/class-wp-oembed.php\n wp-includes\/class-wp-xmlrpc-server.php\n wp-includes\/comment-template.php\n wp-includes\/css\/dist\/block-editor\/style-rtl.css\n wp-includes\/css\/dist\/block-editor\/style-rtl.min.css\n wp-includes\/css\/dist\/block-editor\/style.css\n wp-includes\/css\/dist\/block-editor\/style.min.css\n wp-includes\/css\/dist\/block-library\/editor-rtl.css\n wp-includes\/css\/dist\/block-library\/editor-rtl.min.css\n wp-includes\/css\/dist\/block-library\/editor.css\n wp-includes\/css\/dist\/block-library\/editor.min.css\n wp-includes\/css\/dist\/components\/style-rtl.css\n wp-includes\/css\/dist\/components\/style-rtl.min.css\n wp-includes\/css\/dist\/components\/style.css\n wp-includes\/css\/dist\/components\/style.min.css\n wp-includes\/embed.php\n wp-includes\/functions.php\n wp-includes\/general-template.php\n wp-includes\/images\/crystal\/license.txt\n wp-includes\/js\/comment-reply.js\n wp-includes\/js\/comment-reply.min.js\n wp-includes\/js\/dist\/block-editor.js\n wp-includes\/js\/dist\/block-editor.min.js\n wp-includes\/js\/dist\/block-library.js\n wp-includes\/js\/dist\/block-library.min.js\n wp-includes\/js\/dist\/blocks.js\n wp-includes\/js\/dist\/blocks.min.js\n wp-includes\/js\/dist\/components.js\n wp-includes\/js\/dist\/components.min.js\n wp-includes\/js\/dist\/editor.js\n wp-includes\/js\/dist\/editor.min.js\n wp-includes\/meta.php\n wp-includes\/post.php\n wp-includes\/script-loader.php\n wp-includes\/version.php<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Updated packages<\/h2>\n\n\n\n<pre class=\"wp-block-preformatted\"> @popperjs\/core: 2.5.3\n @wordpress\/block-directory: 1.13.8\n @wordpress\/block-editor: 4.3.8\n @wordpress\/block-library: 2.22.8\n @wordpress\/blocks: 6.20.4\n @wordpress\/components: 10.0.7\n @wordpress\/core-data: 2.20.4\n @wordpress\/edit-post: 3.21.8\n @wordpress\/editor: 9.20.8\n @wordpress\/format-library: 1.22.8\n @wordpress\/icons: 2.4.1\n @wordpress\/interface: 0.7.7\n @wordpress\/list-reusable-blocks: 1.21.7\n @wordpress\/nux: 3.20.7\n @wordpress\/plugins: 2.20.4\n @wordpress\/server-side-render: 1.16.7\n body-scroll-lock: 3.1.5\n compute-scroll-into-view: 1.0.16\n dotenv: 8.2.0\n re-resizable: 6.7.0\n react-easy-crop: 3.2.2\n react-use-gesture: 7.0.16\n simple-html-tokenizer: 0.5.10\n tinycolor2: 1.4.2\n ua-parser-js: 0.7.22\n uc.micro: 1.0.6<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>On October 29, 2020, WordPress 5.5.2 was released to the public. Installation\/Update Information To download WordPress 5.5.2, update automatically from the Dashboard &gt; Updates menu in your site&#8217;s admin area or visit https:\/\/wordpress.org\/download\/release-archive\/. For step-by-step instructions on installing and updating WordPress: Updating WordPress If you are new to WordPress, we recommend that you begin with [&hellip;]<\/p>\n","protected":false},"author":8670591,"featured_media":0,"menu_order":0,"template":"","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false},"helphub_major_release":[66],"class_list":["post-13594046","helphub_version","type-helphub_version","status-publish","hentry","helphub_major_release-5-5"],"revision_note":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/wordpress-versions\/13594046","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/wordpress-versions"}],"about":[{"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/types\/helphub_version"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/users\/8670591"}],"version-history":[{"count":0,"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/wordpress-versions\/13594046\/revisions"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/media?parent=13594046"}],"wp:term":[{"taxonomy":"helphub_major_release","embeddable":true,"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/helphub_major_release?post=13594046"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}