Releases: roots/wordpress
Version 6.6.1
Sourced from WordPress.org Documentation.
Summary
The 6.6.1 release was led by Tonya Mork and Ella.
WordPress 6.6.1 is a short-cycle maintenance release that features es 7 bug fixes in Core and 9 bug fixes for the Block Editor.
You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.
Thank you to everyone who contributed to WordPress 6.6.1
Aaron Jorbin, Aaron Robertshaw, Aki Hamano, Amit Raj, Andrea Fercia, Andrew Serong, annezazu, Art Smith, Brian Gardner, Carolina Nymark, cbirdsong, Ciprian, Clark, Courtney Robertson, Daniel Richards, David Baumwald, Dennis Snell, Dion Hulse, Ella, Eric-Oliver Mächler, Fabian Kägy, George Mamadashvili, Jarda Snajdr, Jb Audras, Joe Dolson, Joen A., Jon Surrell, Marco Ciampini, Mario Santos, Mark Howells-Mead, Mukesh Panchal, neotrope, Pascal Birchler, Paul Biron, ramonopoly, Raquel, Riad Benguella, Rich Tabor, Robert Anderson, Sergey Biryukov, Sourav Pahwa, Stephen Bernhardt, SunilPrajapati, Tonya Mork, up1512001
For more information, browse the full list of changes on Trac.
Version 6.6
Sourced from WordPress.org Documentation.
Highlights: What’s inside 6.6
Color palettes & font sets
Add more design options to any block theme. Block theme authors can create unlimited individual color or font sets to offer more specific design options within the same theme. These sets provide more contained design possibilities, allowing for customization without changing the site’s broader styling, beyond color or typography settings.
Quick previews for pages
Simplify your workflow with a new layout built for pages. See all of your pages and a preview of any selected page before you edit via a new side-by-side layout in the Site Editor.
Rollbacks for plugin auto-updates
Auto-update your plugins with peace of mind. Enjoy the ease of plugin auto-updates with the safety of rollbacks if anything goes wrong, improving your site’s security while minimizing potential downtime.
Overrides
Add the ability to customize content in synced patterns. Allow specific pieces of content to be customized in each instance of a synced pattern while keeping a consistent style for all instances, simplifying future updates. Currently, you can set overrides for Heading, Paragraph, Button, and Image blocks.
Performance updates
WordPress 6.6 includes important updates like removing redundant WP_Theme_JSON calls, disabling autoload for large options, eliminating unnecessary polyfill dependencies, lazy loading post embeds, introducing the data-wp-on-async directive, and a 33% reduction in template loading time in the editor.
Accessibility improvements
55+ accessibility fixes and enhancements focus on foundational aspects of the WordPress experience, particularly the data views component powering the new site editing experience and areas like the Inserter that provide a key way of interacting with blocks and patterns.
Version 6.5.5
Sourced from WordPress.org Documentation.
Summary
Security updates
This release features three security fixes. Because this is a security release, it is recommended that you update your sites immediately. This minor release also includes 3 bug fixes in Core.
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:
- A cross-site scripting (XSS) vulnerability affecting the HTML API reported by Dennis Snell of the WordPress Core Team and Alex Concha and Grzegorz (Greg) Ziółkowski of the WordPress security team.
- A cross-site scripting (XSS) vulnerability affecting the Template Part block reported independently by Rafie Muhammad of Patchstack and during a third party security audit.
- A path traversal issue affecting sites hosted on Windows reported independently by Rafie M & Edouard L of Patchstack, David Fifield, x89, apple502j, and mishre.
Version 6.4.5
Sourced from WordPress.org Documentation.
Summary
Security updates
This release features three security fixes. Because this is a security release, it is recommended that you update your sites immediately. This minor release also includes 3 bug fixes in Core.
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:
- A cross-site scripting (XSS) vulnerability affecting the HTML API reported by Dennis Snell of the WordPress Core Team and Alex Concha and Grzegorz (Greg) Ziółkowski of the WordPress security team.
- A cross-site scripting (XSS) vulnerability affecting the Template Part block reported independently by Rafie Muhammad of Patchstack and during a third party security audit.
- A path traversal issue affecting sites hosted on Windows reported independently by Rafie M & Edouard L of Patchstack, David Fifield, x89, apple502j, and mishre.
Version 6.3.5
Sourced from WordPress.org Documentation.
Summary
Security updates
This release features three security fixes. Because this is a security release, it is recommended that you update your sites immediately. This minor release also includes 3 bug fixes in Core.
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:
- A cross-site scripting (XSS) vulnerability affecting the HTML API reported by Dennis Snell of the WordPress Core Team and Alex Concha and Grzegorz (Greg) Ziółkowski of the WordPress security team.
- A cross-site scripting (XSS) vulnerability affecting the Template Part block reported independently by Rafie Muhammad of Patchstack and during a third party security audit.
- A path traversal issue affecting sites hosted on Windows reported independently by Rafie M & Edouard L of Patchstack, David Fifield, x89, apple502j, and mishre.
Version 6.2.6
Sourced from WordPress.org Documentation.
Summary
Security updates
This release features three security fixes. Because this is a security release, it is recommended that you update your sites immediately. This minor release also includes 3 bug fixes in Core.
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:
- A cross-site scripting (XSS) vulnerability affecting the HTML API reported by Dennis Snell of the WordPress Core Team and Alex Concha and Grzegorz (Greg) Ziółkowski of the WordPress security team.
- A cross-site scripting (XSS) vulnerability affecting the Template Part block reported independently by Rafie Muhammad of Patchstack and during a third party security audit.
- A path traversal issue affecting sites hosted on Windows reported independently by Rafie M & Edouard L of Patchstack, David Fifield, x89, apple502j, and mishre.
Version 6.1.7
Sourced from WordPress.org Documentation.
Summary
Security updates
This release features three security fixes. Because this is a security release, it is recommended that you update your sites immediately. This minor release also includes 3 bug fixes in Core.
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:
- A cross-site scripting (XSS) vulnerability affecting the HTML API reported by Dennis Snell of the WordPress Core Team and Alex Concha and Grzegorz (Greg) Ziółkowski of the WordPress security team.
- A cross-site scripting (XSS) vulnerability affecting the Template Part block reported independently by Rafie Muhammad of Patchstack and during a third party security audit.
- A path traversal issue affecting sites hosted on Windows reported independently by Rafie M & Edouard L of Patchstack, David Fifield, x89, apple502j, and mishre.
Version 6.0.9
Sourced from WordPress.org Documentation.
Summary
Security updates
This release features three security fixes. Because this is a security release, it is recommended that you update your sites immediately. This minor release also includes 3 bug fixes in Core.
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:
- A cross-site scripting (XSS) vulnerability affecting the HTML API reported by Dennis Snell of the WordPress Core Team and Alex Concha and Grzegorz (Greg) Ziółkowski of the WordPress security team.
- A cross-site scripting (XSS) vulnerability affecting the Template Part block reported independently by Rafie Muhammad of Patchstack and during a third party security audit.
- A path traversal issue affecting sites hosted on Windows reported independently by Rafie M & Edouard L of Patchstack, David Fifield, x89, apple502j, and mishre.
Version 5.9.10
Sourced from WordPress.org Documentation.
Summary
Security updates
This release features three security fixes. Because this is a security release, it is recommended that you update your sites immediately. This minor release also includes 3 bug fixes in Core.
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:
- A cross-site scripting (XSS) vulnerability affecting the HTML API reported by Dennis Snell of the WordPress Core Team and Alex Concha and Grzegorz (Greg) Ziółkowski of the WordPress security team.
- A cross-site scripting (XSS) vulnerability affecting the Template Part block reported independently by Rafie Muhammad of Patchstack and during a third party security audit.
- A path traversal issue affecting sites hosted on Windows reported independently by Rafie M & Edouard L of Patchstack, David Fifield, x89, apple502j, and mishre.
Version 5.8.10
Sourced from WordPress.org Documentation.
Summary
Security updates
This release features one security fix. Because this is a security release, it is recommended that you update your sites immediately.
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release: