The latest version of WordPress comes with the bug, security fixes, and enhancements. WordPress is defined as version 5.3.1. As a short-cycle security and maintenance release. The next major release will be version 5.4.
Maintenance updates
When we look at the latest version 5.3.1., there are some highlights of maintenance updates. Admin form controls height and alignment standardization. Dashboard widget links accessibility and alternate color scheme readability issues. For block editor, edge scrolling issues and intermittent JavaScript issues were fixed. They add the customizer option to show/hide author bio to bundled themes. Instagram embed CSS was fixed by replacing JS-based smooth scroll with CSS and fix Instagram embed CSS. Also, non-GMT dates calculation was improved. Date format output was fixed in specific languages. CollegeHumor oEmbed provider was removed in version 5.3.1.
Security updates
From the WordPress 5.3.1 release post, WordPress versions 5.3 and earlier are affected by four security issues. These four security bugs were fixed in version 5.3.1. These security bugs are as following:
- Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API.
- Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links.
- Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
- Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content.
For users who haven’t updated to 5.3, there are also updated versions of 5.2 and earlier that fix the security issues.
WordPress 5.3.1 can be downloaded by clicking the button at the top of this page or visit your Dashboard → Updates and click Update Now. If you have sites that support automatic background updates, they’ve already started the update process.