Fellow WordPressers! A brand new version of WordPress is here. WordPress 5.3.1 Security and Maintenance Release is now available for the public to test. This update was released yesterday and includes 45+ bug fixes and enhancements. The release is for all the previous versions of WordPress. Therefore, we recommend you have this update first tested and then applied to your WordPress site.
The WordPress 5.3.1 Security and Maintenance release includes a total of 46 enhancements with a handful of security fixes in it.
You can either directly download WordPress 5.3.1 Security and Maintenance Release or venture over to Dashboard > Updates and simply click “Update Now”. Websites that support automatic background updates are already beginning to update to v5.3.1.
Here are some of the major Security and Maintenance updates you will find in 5.3.1:
- Fixed an issue where an unprivileged user could make a post sticky via the REST API.
- Fixed an issue where cross-site scripting (XSS) could be stored in well-crafted links.
- Hardened wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
- Discovered a stored XSS vulnerability using block editor content.
- Administration: improvements to admin form control height and alignment standardization, dashboard widget links accessibility and alternate color scheme readability issues.
- Bundled themes: add customizer option to show/hide author bio, replace JS-based smooth scroll with CSS and fix Instagram embed CSS.
- Site health: allow the remind interval for the admin email verification to be filtered.
You can check out the full list of changelog to learn more about the changes in this release.