WordPress 4.9.4 Release – The technical details

Today we’ve released WordPress 4.9.4, the day following WordPress 4.9.3.

WordPress 4.9.4 is the first minor releaseMinor Release A set of releases or versions having the same minor version number may be collectively referred to as .x , for example version 5.2.x to refer to versions 5.2, 5.2.1, 5.2.3, and all other versions in the 5.2 (five dot two) branch of that software. Minor Releases often make improvements to existing features and functionality. of WordPress in over four years since WordPress 3.7 was released where not all users will be receiving an automatic update.

This isn’t by choice – a bugbug A bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority. went undetected during the 4.9.3 development cycle, and was only discovered hours after 4.9.3’s releaseRelease A release is the distribution of the final version of an application. A software release may be either public or private and generally constitutes the initial or new generation of a new or upgraded application. A release is preceded by the distribution of alpha and then beta versions of the software.. The bug causes a PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 5.6.20 Fatal error to be triggered when WordPress attempts to update itself.

Unfortunately this means that WordPress Administrators will need to proceed with a WordPress update themselves, through the WordPress Administration panel (Just hit Update Now under Updates), using WP-CLIWP-CLI WP-CLI is the Command Line Interface for WordPress, used to do administrative and development tasks in a programmatic way. The project page is http://wp-cli.org/ https://make.wordpress.org/cli/, or via FTPFTP FTP is an acronym for File Transfer Protocol which is a way of moving computer files from one computer to another via the Internet. You can use software, known as a FTP client, to upload files to a server for a WordPress website. https://codex.wordpress.org/FTP_Clients.. Hosts who apply updates automatically on their customers behalf will also be able to continue to update sites as normal.

What Happened? #43103-core aimed to reduce the number of APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. calls which get made when the autoupdate cron task is run. Unfortunately due to human error, the final commit didn’t have the intended effect, and instead triggers a fatal error as not all of the dependancies of find_core_auto_update() are met. For whatever reason, the fatal error wasn’t discovered before 4.9.3’s release – it was a few hours after release when discovered.

Ways to update:

  • Through the WordPress Administration area: Simply visit your WordPress Dashboard → Updates and click “Update Now.”
  • With WP-CLI: If you have command line access to WordPress, and WP-CLI installed, wp core update will update your site just as quickly as before.
  • Manually by FTP: If you prefer, you can update by Downloading the latest ZIP, and using FTP to upload it to your site. The only changed files expected are wp-includes/update.php & wp-includes/version.php.
  • With PHP: If you have command line access, you can also update WordPress simply by running wp_maybe_auto_update() inside of WordPress, for example: php -r 'include "wp-load.php"; wp_maybe_auto_update();'. This is also how we suggest hosts who don’t have WP-CLI installed proceed with automated updates for their customers.

As noted above, only two files changed in this release – wp-includes/update.php & wp-includes/version.php.

Are there any security implications? WordPress 4.9.3 and 4.9.4 do not include any security fixes, however, in order for WordPress to receive future security updates automatically sites will first need to be updated to 4.9.4.

What we’re doing to prevent this happening again We’ll be making a follow up post after we’ve been able to determine how to ensure that this never happens again. We don’t like bugs in WordPress any more than you do, and we’ll be taking steps to both increase automated coverage of our updates and improve tools to aid in the detection of similar bugs before they become an issue in the future.

#4-9-4, #43103-core