On November 7, 2023, WordPress 6.4 was released. 🎉 Every release is a massive undertaking that requires the time and hard work of hundreds of contributors often spanning three to four months. Even though WordPress strives to ship excellent, bug A bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority.-free code, technology is fast-moving and edge cases can sometimes make it past testing.
After the 6.4 release, it was reported that a small change within the bundled library responsible for making and managing HTTP HTTP is an acronym for Hyper Text Transfer Protocol. HTTP is the underlying protocol used by the World Wide Web and this protocol defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. requests was causing problems for a small subset of sites. The bug was mainly surfacing in the form of failed plugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party and theme updates where the attempt would take a long time to process and ultimately result in a timeout error. However, custom code using the HTTP API An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. to make requests was also affected.
After an in-depth investigation, the conditions required were finally identified and understood. To reproduce the problem, a server had to be running a version of curl between 7.22.0 and 7.46.0 while also using HTTP1 and `Keep-Alive`. In curl 7.47.0, a change was made to always prefer HTTP/2 when available. HTTP/1.1 requests default to keeping a connection open, but HTTP/2 prohibits connection-specific header fields including `Keep-Alive` and `Connection`. In this scenario, no `Connection: close` header The header of your site is typically the first thing people will experience. The masthead or header art located across the top of your page is part of the look and feel of your website. It can influence a visitor’s opinion about your content and you/ your organization’s brand. It may also look different on different screen sizes. was being sent when these conditions were met, so connections remained open until reaching the time out duration and returned an error.
Below is a timeline of relevant events (all times are in Coordinated Universal Time or UTC):
November 7, 2023:
November 8, 2023:
November 9, 2023:
At the time of publishing, approximately 93% of all sites running the 6.4 major version have updated to the 6.4.1 release, with more updating every minute.
To safeguard against future related issues, contributors are exploring ways to better test against different versions of curl. It is always strongly recommended to run current and supported versions of all software. This recommendation is not just for PHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 5.6.20 or higher and WordPress itself, but also for command line tools such as curl. As a project, we remain staunchly committed to backwards compatibility, but this is a safety net, not a substitute for that recommendation.
There are many moving parts that make individual WordPress releases increasingly challenging. Preparing, testing, and confidently releasing a version of software that powers over 43% of the web in under 24 hours is an exceptional accomplishment. It would not have happened without the 45+ contributors across the globe who dropped what they were working on to collaborate on solving this problem for site owners everywhere.
Props @chanthaboune, @cbringmann, @jeffpaul, @barry for pre-publish review.