renovate[bot]
commented
11 months ago ⚠ Artifact update problem
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
- any of the package files in this branch needs updating, or
- the branch becomes conflicted, or
- you click the rebase/retry checkbox if found above, or
- you rename this PR's title to start with "rebase!" to trigger it manually
The artifact failure details are included below:
File name: composer.lock
Command failed: composer update phpunit/phpunit:10.5.9 roots/wordpress:6.4.2 wp-phpunit/wp-phpunit:6.4.2 yoast/phpunit-polyfills:2.0.0 --with-dependencies --ignore-platform-req='ext-*' --ignore-platform-req='lib-*' --no-ansi --no-interaction --no-scripts --no-autoloader --no-plugins
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Root composer.json requires phpunit/phpunit 10.5.9 -> satisfiable by phpunit/phpunit[10.5.9].
- phpunit/phpunit 10.5.9 requires php >=8.1 -> your php version (7.3; overridden via config.platform, same as actual) does not satisfy that requirement.
Problem 2
- phpunit/phpunit 10.5.9 requires php >=8.1 -> your php version (7.3; overridden via config.platform, same as actual) does not satisfy that requirement.
- yoast/phpunit-polyfills 2.0.0 requires phpunit/phpunit ^5.7.21 || ^6.0 || ^7.0 || ^8.0 || ^9.0 || ^10.0 -> satisfiable by phpunit/phpunit[10.5.9].
- Root composer.json requires yoast/phpunit-polyfills 2.0.0 -> satisfiable by yoast/phpunit-polyfills[2.0.0].
Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.
This PR contains the following updates:
9.6.15->10.5.95.9.8->6.4.25.9.8->6.4.21.1.0->2.0.0Release Notes
sebastianbergmann/phpunit (phpunit/phpunit)
### [`v10.5.9`](https://togithub.com/sebastianbergmann/phpunit/compare/10.5.8...10.5.9) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.5.8...10.5.9) ### [`v10.5.8`](https://togithub.com/sebastianbergmann/phpunit/compare/10.5.7...10.5.8) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.5.7...10.5.8) ### [`v10.5.7`](https://togithub.com/sebastianbergmann/phpunit/compare/10.5.6...10.5.7) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.5.6...10.5.7) ### [`v10.5.6`](https://togithub.com/sebastianbergmann/phpunit/compare/10.5.5...10.5.6) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.5.5...10.5.6) ### [`v10.5.5`](https://togithub.com/sebastianbergmann/phpunit/compare/10.5.4...10.5.5) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.5.4...10.5.5) ### [`v10.5.4`](https://togithub.com/sebastianbergmann/phpunit/compare/10.5.3...10.5.4) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.5.3...10.5.4) ### [`v10.5.3`](https://togithub.com/sebastianbergmann/phpunit/compare/10.5.2...10.5.3) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.5.2...10.5.3) ### [`v10.5.2`](https://togithub.com/sebastianbergmann/phpunit/compare/10.5.1...10.5.2) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.5.1...10.5.2) ### [`v10.5.1`](https://togithub.com/sebastianbergmann/phpunit/compare/10.5.0...10.5.1) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.5.0...10.5.1) ### [`v10.5.0`](https://togithub.com/sebastianbergmann/phpunit/compare/10.4.2...10.5.0) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.4.2...10.5.0) ### [`v10.4.2`](https://togithub.com/sebastianbergmann/phpunit/compare/10.4.1...10.4.2) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.4.1...10.4.2) ### [`v10.4.1`](https://togithub.com/sebastianbergmann/phpunit/compare/10.4.0...10.4.1) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.4.0...10.4.1) ### [`v10.4.0`](https://togithub.com/sebastianbergmann/phpunit/compare/10.3.5...10.4.0) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.3.5...10.4.0) ### [`v10.3.5`](https://togithub.com/sebastianbergmann/phpunit/compare/10.3.4...10.3.5) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.3.4...10.3.5) ### [`v10.3.4`](https://togithub.com/sebastianbergmann/phpunit/compare/10.3.3...10.3.4) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.3.3...10.3.4) ### [`v10.3.3`](https://togithub.com/sebastianbergmann/phpunit/compare/10.3.2...10.3.3) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.3.2...10.3.3) ### [`v10.3.2`](https://togithub.com/sebastianbergmann/phpunit/compare/10.3.1...10.3.2) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.3.1...10.3.2) ### [`v10.3.1`](https://togithub.com/sebastianbergmann/phpunit/compare/10.3.0...10.3.1) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.3.0...10.3.1) ### [`v10.3.0`](https://togithub.com/sebastianbergmann/phpunit/compare/10.2.7...10.3.0) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.2.7...10.3.0) ### [`v10.2.7`](https://togithub.com/sebastianbergmann/phpunit/compare/10.2.6...10.2.7) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.2.6...10.2.7) ### [`v10.2.6`](https://togithub.com/sebastianbergmann/phpunit/compare/10.2.5...10.2.6) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.2.5...10.2.6) ### [`v10.2.5`](https://togithub.com/sebastianbergmann/phpunit/compare/10.2.4...10.2.5) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.2.4...10.2.5) ### [`v10.2.4`](https://togithub.com/sebastianbergmann/phpunit/compare/10.2.3...10.2.4) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.2.3...10.2.4) ### [`v10.2.3`](https://togithub.com/sebastianbergmann/phpunit/compare/10.2.2...10.2.3) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.2.2...10.2.3) ### [`v10.2.2`](https://togithub.com/sebastianbergmann/phpunit/compare/10.2.1...10.2.2) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.2.1...10.2.2) ### [`v10.2.1`](https://togithub.com/sebastianbergmann/phpunit/compare/10.2.0...10.2.1) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.2.0...10.2.1) ### [`v10.2.0`](https://togithub.com/sebastianbergmann/phpunit/compare/10.1.3...10.2.0) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.1.3...10.2.0) ### [`v10.1.3`](https://togithub.com/sebastianbergmann/phpunit/compare/10.1.2...10.1.3) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.1.2...10.1.3) ### [`v10.1.2`](https://togithub.com/sebastianbergmann/phpunit/compare/10.1.1...10.1.2) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.1.1...10.1.2) ### [`v10.1.1`](https://togithub.com/sebastianbergmann/phpunit/compare/10.1.0...10.1.1) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.1.0...10.1.1) ### [`v10.1.0`](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.19...10.1.0) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.19...10.1.0) ### [`v10.0.19`](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.18...10.0.19) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.18...10.0.19) ### [`v10.0.18`](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.17...10.0.18) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.17...10.0.18) ### [`v10.0.17`](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.16...10.0.17) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.16...10.0.17) ### [`v10.0.16`](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.15...10.0.16) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.15...10.0.16) ### [`v10.0.15`](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.14...10.0.15) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.14...10.0.15) ### [`v10.0.14`](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.13...10.0.14) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.13...10.0.14) ### [`v10.0.13`](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.12...10.0.13) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.12...10.0.13) ### [`v10.0.12`](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.11...10.0.12) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.11...10.0.12) ### [`v10.0.11`](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.10...10.0.11) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.10...10.0.11) ### [`v10.0.10`](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.9...10.0.10) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.9...10.0.10) ### [`v10.0.9`](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.8...10.0.9) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.8...10.0.9) ### [`v10.0.8`](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.7...10.0.8) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.7...10.0.8) ### [`v10.0.7`](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.6...10.0.7) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.6...10.0.7) ### [`v10.0.6`](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.5...10.0.6) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.5...10.0.6) ### [`v10.0.5`](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.4...10.0.5) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.4...10.0.5) ### [`v10.0.4`](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.3...10.0.4) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.3...10.0.4) ### [`v10.0.3`](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.2...10.0.3) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.2...10.0.3) ### [`v10.0.2`](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.1...10.0.2) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.1...10.0.2) ### [`v10.0.1`](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.0...10.0.1) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/10.0.0...10.0.1) ### [`v10.0.0`](https://togithub.com/sebastianbergmann/phpunit/compare/9.6.12...10.0.0) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/9.6.16...10.0.0) ### [`v9.6.16`](https://togithub.com/sebastianbergmann/phpunit/compare/9.6.15...9.6.16) [Compare Source](https://togithub.com/sebastianbergmann/phpunit/compare/9.6.15...9.6.16)roots/wordpress (roots/wordpress)
### [`v6.4.2`](https://togithub.com/roots/wordpress/compare/6.4.1...6.4.2) [Compare Source](https://togithub.com/roots/wordpress/compare/6.4.1...6.4.2) ### [`v6.4.1`](https://togithub.com/roots/wordpress/compare/6.4...6.4.1) [Compare Source](https://togithub.com/roots/wordpress/compare/6.4...6.4.1) ### [`v6.4`](https://togithub.com/roots/wordpress/compare/6.3.2...6.4) [Compare Source](https://togithub.com/roots/wordpress/compare/6.3.2...6.4) ### [`v6.3.2`](https://togithub.com/roots/wordpress/compare/6.3.1...6.3.2) [Compare Source](https://togithub.com/roots/wordpress/compare/6.3.1...6.3.2) ### [`v6.3.1`](https://togithub.com/roots/wordpress/releases/tag/6.3.1): Version 6.3.1 [Compare Source](https://togithub.com/roots/wordpress/compare/6.3...6.3.1) *Sourced from [WordPress.org Documentation](https://wordpress.org/documentation/wordpress-version/version-6-3-1/).*Summary
Maintenance updates
This minor release features 4 bug fixes in Core and 6 bug fixes for the block editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.
### [`v6.3`](https://togithub.com/roots/wordpress/releases/tag/6.3): Version 6.3 [Compare Source](https://togithub.com/roots/wordpress/compare/6.2.3...6.3) *Sourced from [WordPress.org Documentation](https://wordpress.org/documentation/wordpress-version/version-6-3/).*Highlights
This momentous release opens new possibilities for the creative expression of designers, creators, and builders. Powerful tools and refined controls give users confidence and allow them to easily manage their sites.
Do everything in the Site Editor
WordPress 6.3 brings your content, templates, and patterns together in the Site Editor for the first time. Add pages, browse style variations, create synced patterns, and enjoy fine-tuned control over navigation menus. Spend less time switching across different site areas—so you can focus on what matters most. Creation to completion, all in one place.
Preview Block themes
Experience block themes before you switch and preview the Site Editor, with options to customize directly before committing to a new theme.
Create and sync patterns
Arrange blocks and save them to the ‘My Patterns’ section for use throughout your site. You can even specify whether to sync your patterns (previously referred to as “Reusable blocks”) so that one change applies to all parts of your site. Or, utilize patterns as a starting point with the ability to customize each instance.
Work faster with the Command Palette
Switch to a specific template or open your editor preferences with a new tool that helps you quickly access expanded functionality. With simple keyboard shortcuts (⌘+k on Mac or Ctrl+k on Windows), clicking the sidebar search icon in Site View, or clicking the Title Bar, get where you need to go and do what you need to do in seconds.
Sharpen your designs with new tools
New design controls bring more versatility for fine-tuning, starting with the ability to customize your captions from the Styles interface without coding. You can manage your duotone filters in Styles for supported blocks and pick from the options provided by your theme or disable them entirely. The Cover block gets added settings for text color, layout controls, and border options, making this powerful block even more handy.
Track design changes with Style revisions
With a new audit trail, you can now see how your site looked at a specific time. Visualize these revisions in a timeline and access a one-click option to restore prior styles.
Annotate with the Footnotes block
Footnotes add convenient annotations throughout your content. Now you can add and link footnotes for any paragraph.
Show or hide content with the Details block
Use the Details block to avoid spoiling a surprise, create an interactive Q&A section, or hide a long paragraph under a heading.
Performance gets a boost
WordPress 6.3 has 170+ performance updates, including defer and async support for the Scripts API and fetchpriority support for images. These improvements, along with block template resolution, image lazy-loading, and the emoji loader, can dramatically improve your website’s perceived load time.
Accessibility remains a core focus
Incorporating more than 50 accessibility improvements across the platform, WordPress 6.3 is more accessible than ever. Improved labeling, optimized tab and arrow-key navigation, revised heading hierarchy, and new controls in the admin image editor allow those using assistive technologies to navigate more easily.
Other highlights
Set aspect ratio on images
Specify your aspect ratios and ensure design integrity, especially when using images in patterns.
Build your site distraction-free
Distraction-free designing is now available in the Site Editor.
Rediscover the Top Toolbar
A revamped Top Toolbar offers parent selectors for nested blocks, options when selecting multiple blocks, and an interface embedded into the title bar with new functionality in mind.
List View improvements
Drag and drop to every content layer and delete any block you would like in the updated List View.
Build templates with Patterns
Create unique patterns to jumpstart template creation with a new modal enabling access to pattern selection.
### [`v6.2.3`](https://togithub.com/roots/wordpress/releases/tag/6.2.3): Version 6.2.3 [Compare Source](https://togithub.com/roots/wordpress/compare/6.2.2...6.2.3) *Sourced from [WordPress.org Documentation](https://wordpress.org/documentation/wordpress-version/version-6-2-3/).*Summary
This is a short-cycle release. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.
Security updates
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:
- Marc Montpas of Automattic for finding a potential disclosure of user email addresses.
- Marc Montpas of Automattic for finding an RCE POP Chains vulnerability.
- Rafie Muhammad and Edouard L of Patchstack along with a WordPress commissioned third-party audit for each independently identifying a XSS issue in the post link navigation block.
- Jb Audras of the WordPress Security Team and Rafie Muhammad of Patchstack for each independently discovering an issue where comments on private posts could be leaked to other users.
- James Golovich and WhiteCyberSec for each independently identifying a way for logged in user to execute any shortcode.
- mascara7784 for identifying a XSS vulnerability in the application password screen.
- Jorge Costa of the WordPress Core Team for identifying XSS vulnerability in the footnotes block.
- s5s and raouf_maklouf for independently identifying a cache poisoning DoS vulnerability.
### [`v6.2.2`](https://togithub.com/roots/wordpress/releases/tag/6.2.2): Version 6.2.2 [Compare Source](https://togithub.com/roots/wordpress/compare/6.2.1...6.2.2) *Sourced from [WordPress.org Documentation](https://wordpress.org/documentation/wordpress-version/version-6-2-2/).*Summary
The 6.2.2 minor release addresses 1 bug and 1 security issue. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 5.9 have also been updated.
Security updates
The security team would like to thank the following people for responsibly reporting vulnerabilities and allowing them to be fixed in this release.
The issue above was originally patched in the 6.2.1 release, but needed further hardening here in 6.2.2. The Core team is thankful for the community in their response to 6.2.1 and collaboration on finding the best path forward for proper resolution in 6.2.2.
### [`v6.2.1`](https://togithub.com/roots/wordpress/releases/tag/6.2.1): Version 6.2.1 [Compare Source](https://togithub.com/roots/wordpress/compare/6.2...6.2.1) *Sourced from [WordPress.org Documentation](https://wordpress.org/documentation/wordpress-version/version-6-2-1/).*Summary
Maintenance updates
This minor release features 20 bug fixes in Core and 10 bug fixes for the block editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.
Security updates
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release.
- Block themes parsing shortcodes in user generated data; thanks to Liam Gladdy of WP Engine for reporting this issue
- A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team
- A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third party security audit
- Bypassing of KSES sanitization in block attributes for low privileged users; discovered during a third party security audit.
- A path traversal issue via translation files; reported independently by Ramuel Gall and during a third party security audit.
### [`v6.2`](https://togithub.com/roots/wordpress/releases/tag/6.2): Version 6.2 [Compare Source](https://togithub.com/roots/wordpress/compare/6.1.4...6.2) *Sourced from [WordPress.org Documentation](https://wordpress.org/documentation/wordpress-version/version-6-2/).*Highlights
Meet the reimagined Site Editor
An updated interface gives you more control over your site editing experience. Explore full previews of your templates and template parts, then jump in and get to editing your site from wherever you choose.
Manage your menu in more ways with the Navigation block
A new sidebar experience makes it easier to edit your site’s navigation. Add, remove, and reorder menu items faster—no matter how complex your menus are.
Discover a smoother experience for the Block Inserter
A refreshed design gives you more visibility and easier access to the content you need. Use the Media tab to drag and drop content from your existing Media Library quickly. Find patterns faster with a split view that lets you navigate categories and see previews all at once.
Find the controls you want when you need them
Your block settings sidebar is better organized with tabs for Settings and Styles. So the tools you need are easy to identify and access.
Build faster with headers and footers for block themes
Discover a new collection of header and footer patterns. Use them with any block theme as a quick, high-quality starting point for your site’s templates.
Explore Openverse media right from the Editor
Openverse’s library catalogs over 600 million free, openly licensed stock images and audio—and now it’s directly integrated into the Editor.
Focus on writing with Distraction Free mode
For those times you want to be alone with your ideas. You can now hide all your panels and controls, leaving you free to bring your content to life.
Experience the Site Editor, now out of beta
Stable and ready for you to dive in and explore: 6.2 is your personal invitation to discover what the next generation of WordPress—and block themes—can do.
Meet the new Style Book
Get a complete overview of how every block in your site’s library looks. All in one place, all at a glance.
Copy and paste styles
Perfect the design on one type of block, then copy and paste those styles to other blocks to get just the look you want.
Custom CSS
Power up your site any way you wish. Add CSS to your site, or your blocks, for another level of control over your site’s look and feel.
Sticky positioning
Choose to keep top-level group blocks fixed to the top of a page as visitors scroll.
Importing widgets
Options to import your favorite widgets from Classic themes to Block themes.
Local fonts in themes
Default WordPress themes offer better privacy with Google Fonts now included.
### [`v6.1.4`](https://togithub.com/roots/wordpress/releases/tag/6.1.4): Version 6.1.4 [Compare Source](https://togithub.com/roots/wordpress/compare/6.1.3...6.1.4) *Version notes available on [WordPress.org Documentation](https://wordpress.org/documentation/wordpress-version/version-6-1-4/).* ### [`v6.1.3`](https://togithub.com/roots/wordpress/releases/tag/6.1.3): Version 6.1.3 [Compare Source](https://togithub.com/roots/wordpress/compare/6.1.2...6.1.3) *Version notes available on [WordPress.org Documentation](https://wordpress.org/documentation/wordpress-version/version-6-1-3/).* ### [`v6.1.2`](https://togithub.com/roots/wordpress/releases/tag/6.1.2): Version 6.1.2 [Compare Source](https://togithub.com/roots/wordpress/compare/6.1.1...6.1.2) *Sourced from [WordPress.org Documentation](https://wordpress.org/documentation/wordpress-version/version-6-1-2/).*Summary
Maintenance updates
This minor release features 20 bug fixes in Core and 10 bug fixes for the block editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.
Security updates
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release.
- Block themes parsing shortcodes in user generated data; thanks to Liam Gladdy of WP Engine for reporting this issue
- A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team
- A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third party security audit
- Bypassing of KSES sanitization in block attributes for low privileged users; discovered during a third party security audit.
- A path traversal issue via translation files; reported independently by Ramuel Gall and during a third party security audit.
### [`v6.1.1`](https://togithub.com/roots/wordpress/releases/tag/6.1.1): Version 6.1.1 [Compare Source](https://togithub.com/roots/wordpress/compare/6.1...6.1.1) *Sourced from [WordPress.org Documentation](https://wordpress.org/documentation/wordpress-version/version-6-1-1/).*Summary
Maintenance updates
This maintenance release features 28 bug fixes in Core and 18 bug fixes for the Block Editor.
The following core tickets from Trac were fixed:
NOT EXISTStax query inpre_get_postsaction triggers a fatal error inwp-includes/canonical.php(#55955)get_default_block_editor_settings(#56815)theme.jsonfor style variations are ignored (#56903)theme.jsonparsing for classic themes (#56945)WP_Theme_JSONclass (#56974)remove_accents()(#56980)get_page_by_titlein 6.1 changesWHEREclause (#56991)WPLANGset (#57051)$localetoload_textdomain()if we know the locale (#57060)decoding="async"breaks my site (#56969)menu-item-has-childrenclass is not being applied correctly (#56946)get_page_by_title(null)returns a page (#57039)WP_Query::the_postcauses a type warning when querying for ids, not full post objects (#56948)WP_Querycaching discardsposts_fieldsandposts_clauses['fields']filters. (#57012)register_block_core_template_partdoesWP_Queryeven on themes that do not support it (#56923)WP_Theme_JSON_Resolver::get_user_data_from_wp_global_stylescall toWP_Queryincorrect. (#56900)wp_get_theme(#57057).maintenancefile and leaves it (#56966)cache_users()not defined when callingget_userwithout field parameter or usingall_with_metaorall(#56952)The following block editor issues from GitHub were fixed:
- Post Featured Image: Fix height/scale overwriting border inline styles (#44213)
- Fluid typography: add font size constraints (#44993)
- Allow direct selection of nested Page List block by avoiding dual rendering within block (#45143)
- Fix popover deprecations (#45195)
- Components: Refactor
- Convert the
- List v2: fix migration when nested list is invalid (#44822)
- Link to
- Table Block: Apply borders and padding on both front end and editor (#45069)
- Change the order of the pseudo-states in the pseudo selectors array (#45559)
- Do not look for block variants, if not supporting block-templates (#45362)
- Restore the empty paragraph inserter (#45542)
- Cover: Avoid content loss when the
- List: disable nested list drop zone so dropping list items works (#45321)
- Switch background color to text color on block separator (#44943)
- [WP6.1.1] AutoComplete: Revert to
- [WP6.1.1] FormTokenField: Revert to
- Fluid typography: adjust font size min and max rules (#45536)
### [`v6.1`](https://togithub.com/roots/wordpress/releases/tag/6.1): Version 6.1 [Compare Source](https://togithub.com/roots/wordpress/compare/6.0.6...6.1) *Sourced from [WordPress.org Documentation](https://wordpress.org/documentation/wordpress-version/version-6-1/).*ColorPalettetests to@testing-library/react(#44108)ColorPalettecomponent to TypeScript (#44632)homeUrlfrom site editor view menu. (#45475)templateLockvalue isallorcontentOnly(#45632)event.keyCodeto fix IME composition issue (#45704)event.keyCodeto fix IME composition issue (#45703)Highlights
The third major release of 2022 is here. Download it now! As of today, WordPress powers 43% of websites worldwide.
Site owners and administrators should upgrade to take full advantage of the many stability, performance, and usability enhancements today. Furthermore, WordPress content creators will enjoy a suite of new features geared toward improving the writing and designing experiences.
Twenty Twenty-Three:
A fresh default theme with 10 distinct style variations
After the introduction of foundational elements for block themes and style variations introduced by the 5.9 and 6.0 releases WordPress site builders welcome a new default theme, Twenty Twenty-Three, that is powered by 10 different styles and tagged as “Accessibility Ready.” These intentionally unique ensure users can apply a different look and feel to their site with a single click—all within a single theme.
New templates for an improved creator experience
Additional new and more refined templates now give site builders more control over the creation of their sites. In this suite of new templates find a custom template for posts & pages in the Site Editor. Create and edit template parts like headers and footers more quickly with a new search-and-replace tool and easily view your new site.
Design tools for more consistency and control
Thoughtful upgrades to the controls for design elements and blocks make laying out and building your new site a more consistent, complete, and intuitive experience.
Manage menus with ease
New fallback options in the navigation block mean you can edit the menu that’s open; no searching needed. Plus, the controls for choosing and working on menus have their own place in the block settings. The mobile menu system also gets an upgrade with new features, including different icon options, to make the menu yours.
Cleaner layouts and document settings visualization
View and manage post and page settings with a better-organized display improving the use of features like template picker and scheduler.
One-click lock setting for all inner blocks
When locking blocks, a new toggle lets you apply your lock settings to all the blocks in a containing block like the group, cover, and column blocks.
Improved block placeholders
Various blocks have improved placeholders that reflect customization options to help you design your site and its content. For example, the Image block placeholder displays custom borders and duotone filters even before selecting an image.
Compose richer lists and quotes with inner blocks
The List and Quote blocks now support inner blocks, allowing for more flexible and rich compositions like adding headings inside your Quote blocks.
More Responsive text with fluid typography
Fluid typography lets you define font sizes that adapt for easy reading in any screen size.
Add starter patterns to any post type
In WordPress 6.0, when you created a new page, you would see suggested patterns so you did not have to start with a blank page. In 6.1, you will also see the starter patterns modal when you create a new instance of any post type.
Find block themes faster
The Themes Directory has a filter for block themes, and a pattern preview gives a better sense of what the theme might look like while exploring different themes and patterns.
Keep your Site Editor settings for later
Site Editor settings are now persistent for each user. This means your settings will now be consistent across browsers and devices.
A streamlined style system
The CSS rules for margin, padding, typography, colors, and borders within the styles engine are now all in one place, reducing time spent on layout-specific tasks and helps to generate semantic class names.
Updated interface options and features
Updates include styling elements like buttons, citations, and links globally; controlling hover, active, and focus states for links using theme.json (not available to control in the interface yet); and customizing outline support for blocks and elements, among other features.
Continued evolution of layout options
The default content dimensions provided by themes can now be overridden in the Styles Sidebar, giving site builders better control over full-width content. Developers have fine-grained control over these controls.
Block Template parts in classic themes
Block template parts can now be defined in classic themes by adding the appropriate HTML files `parts` directory at the root of the theme.
Expanded support for Query Loop blocks
New filters let Query Block variations support custom queries for more powerful variations and advanced hierarchical post types filtering options.
Filters for all your styles
Leverage filters in the Styles sidebar to control settings at all four levels of your site—core, theme, user, or block, from less to more specific.
Spacing presets for faster, consistent design
Save time and avoid hard-coding values into a theme with preset margin and padding values for multiple blocks.
Content-only editing support for container blocks
Thanks to content-only editing settings, layouts can be locked within container blocks. In a content-only block, its children are invisible to the List View and entirely uneditable. So you control the layout while your writers can focus on the content. Combine it with block-locking options for even more advanced control over your blocks.
Other notes of interest
6.1 includes a new time-to-read feature showing content authors the approximate time-to-read values for pages, posts, and custom post types.
The site tagline is empty by default in new sites but can be modified in General Settings.
A new modal design offers a background blur effect, making it easier to focus on the task at hand.
Enhancing WordPress 6.1 accessibility
Accessibility is an integral part of the WordPress mission of fostering an inclusive community and supporting users of all types around the world. With this in mind, WordPress 6.1 includes nearly 60 updates specifically focused on enhancing the accessibility of the platform. Read about these updates to learn more about the continual initiatives aimed at improving accessibility.
Improved performance in WordPress 6.1
WordPress 6.1 resolves more than 25 tickets dedicated to enhancing performance with improvements for every type of site. A full breakdown can be found in the Performance Field Guide.
Explore learn.wordpress.org for brief how-to videos and lots more on new features in WordPress. Or join a live interactive online workshop on a specific WordPress topic.
Developers can explore the WordPress 6.1 Field Guide, complete with detailed developer notes to help you build with and extend WordPress.Read the WordPress 6.1 Release Notes for more information on the included enhancements and issues fixed, installation information, developer notes and resources, release contributors, and the list of file changes in this release.
### [`v6.0.6`](https://togithub.com/roots/wordpress/releases/tag/6.0.6): Version 6.0.6 [Compare Source](https://togithub.com/roots/wordpress/compare/6.0.5...6.0.6) *Sourced from [WordPress.org Documentation](https://wordpress.org/documentation/wordpress-version/version-6-0-6/).*Summary
Maintenance updates
This security and maintenance release features 19 bug fixes on Core, 22 bug fixes for the Block Editor, and 8 security fixes.
This is a short-cycle release. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.
Security updates
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:
- Marc Montpas of Automattic for finding a potential disclosure of user email addresses.
- Marc Montpas of Automattic for finding an RCE POP Chains vulnerability.
- Rafie Muhammad and Edouard L of Patchstack along with a WordPress commissioned third-party audit for each independently identifying a XSS issue in the post link navigation block.
- Jb Audras of the WordPress Security Team and Rafie Muhammad of Patchstack for each independently discovering an issue where comments on private posts could be leaked to other users.
- James Golovich and WhiteCyberSec for each independently identifying a way for logged in user to execute any shortcode.
- mascara7784 for identifying a XSS vulnerability in the application password screen.
- Jorge Costa of the WordPress Core Team for identifying XSS vulnerability in the footnotes block.
- s5s and raouf_maklouf for independently identifying a cache poisoning DoS vulnerability.
### [`v6.0.5`](https://togithub.com/roots/wordpress/releases/tag/6.0.5): Version 6.0.5 [Compare Source](https://togithub.com/roots/wordpress/compare/6.0.4...6.0.5) *Version notes available on [WordPress.org Documentation](https://wordpress.org/documentation/wordpress-version/version-6-0-5/).* ### [`v6.0.4`](https://togithub.com/roots/wordpress/releases/tag/6.0.4): Version 6.0.4 [Compare Source](https://togithub.com/roots/wordpress/compare/6.0.3...6.0.4) *Sourced from [WordPress.org Documentation](https://wordpress.org/documentation/wordpress-version/version-6-0-4/).*Summary
Maintenance updates
This minor release features 20 bug fixes in Core and 10 bug fixes for the block editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.
Security updates
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release.
- Block themes parsing shortcodes in user generated data; thanks to Liam Gladdy of WP Engine for reporting this issue
- A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team
- A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third party security audit
- Bypassing of KSES sanitization in block attributes for low privileged users; discovered during a third party security audit.
- A path traversal issue via translation files; reported independently by Ramuel Gall and during a third party security audit.
### [`v6.0.3`](https://togithub.com/roots/wordpress/releases/tag/6.0.3): Version 6.0.3 [Compare Source](https://togithub.com/roots/wordpress/compare/6.0.2...6.0.3) *Sourced from [WordPress.org Documentation](https://wordpress.org/documentation/wordpress-version/version-6-0-3/).*Summary
Security updates included in this release
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release.
- Stored XSS via wp-mail.php (post by email) – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
- Open redirect in `wp_nonce_ays` – devrayn
- Sender’s email address is exposed in wp-mail.php – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
- Media Library – Reflected XSS via SQLi – Ben Bidner from the WordPress security team and Marc Montpas from Automattic independently discovered this issue
- CSRF in wp-trackback.php – Simon Scannell
- Stored XSS via the Customizer – Alex Concha from the WordPress security team
- Revert shared user instances introduced in 50790 – Alex Concha and Ben Bidner from the WordPress security team
- Stored XSS in WordPress Core via Comment Editing – Third-party security audit and Alex Concha from the WordPress security team
- Data exposure via the REST Terms/Tags Endpoint – Than Taintor
- Content from multipart emails leaked – Thomas Kräftner
- SQL Injection due to improper sanitization in `WP_Date_Query` – Michael Mazzolini
- RSS Widget: Stored XSS issue – Third-party security audit
- Stored XSS in the search block – Alex Concha of the WP Security team
- Feature Image Block: XSS issue – Third-party security audit
- RSS Block: Stored XSS issue – Third-party security audit
- Fix widget block XSS – Third-party security audit
### [`v6.0.2`](https://togithub.com/roots/wordpress/releases/tag/6.0.2): Version 6.0.2 [Compare Source](https://togithub.com/roots/wordpress/compare/6.0.1...6.0.2) *Version notes available on [WordPress.org Documentation](https://wordpress.org/documentation/wordpress-version/version-6-0-2/).* ### [`v6.0.1`](https://togithub.com/roots/wordpress/releases/tag/6.0.1): Version 6.0.1 [Compare Source](https://togithub.com/roots/wordpress/compare/6.0...6.0.1) *Version notes available on [WordPress.org Documentation](https://wordpress.org/documentation/wordpress-version/version-6-0-1/).* ### [`v6.0`](https://togithub.com/roots/wordpress/releases/tag/6.0): Version 6.0 [Compare Source](https://togithub.com/roots/wordpress/compare/5.9.8...6.0) *Version notes available on [WordPress.org Documentation](https://wordpress.org/documentation/wordpress-version/version-6-0/).*wp-phpunit/wp-phpunit (wp-phpunit/wp-phpunit)
### [`v6.4.2`](https://togithub.com/wp-phpunit/wp-phpunit/compare/6.4.1...6.4.2) [Compare Source](https://togithub.com/wp-phpunit/wp-phpunit/compare/6.4.1...6.4.2) ### [`v6.4.1`](https://togithub.com/wp-phpunit/wp-phpunit/compare/6.4.0...6.4.1) [Compare Source](https://togithub.com/wp-phpunit/wp-phpunit/compare/6.4.0...6.4.1) ### [`v6.4.0`](https://togithub.com/wp-phpunit/wp-phpunit/compare/6.3.2...6.4.0) [Compare Source](https://togithub.com/wp-phpunit/wp-phpunit/compare/6.3.2...6.4.0) ### [`v6.3.2`](https://togithub.com/wp-phpunit/wp-phpunit/compare/6.3.1...6.3.2) [Compare Source](https://togithub.com/wp-phpunit/wp-phpunit/compare/6.3.1...6.3.2) ### [`v6Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.