On September 8, 2021, WordPress 5.8.1 was released to the public. It fixes security issues that were affecting versions between 5.4 and 5.8. We recommend updating to the latest version as soon as possible to reduce your website’s vulnerabilities.
It comes with three major security fixes, as well as 41 bug fixes on Core and 20 bug fixes for the Block Editor.
You can automatically update from the updates menu on your dashboard, or visit the WordPress release archive.
You can always download the latest version of WordPress here:
- Data exposure vulnerability within the REST API.
- XSS vulnerability in the block editor.
- The Lodash library has been updated to version 4.17.21 in each branch to incorporate upstream security fixes.
The following core tickets from Trac are fixed:
#52818 – Ordering metaboxes broken in WP 5.7
#53556 – Add a new template-editing tag to the Theme API
#53562 – Widgets Editor in Customizer doesn’t load with E2E tests + 0ms Animations
#53609 – Responsive widget block embeds not showing in the customizer
#53616 – Registered block styles should only be rendered when the block exists on a page
#53641 – Can not configure image widget (and others) in widget accessibility mode
#53654 – Menus: Hide bulk-select options when no menus exist
#53667 – Support wp_editor_set_quality for both loaded and saved mime_types
#53668 – Generated images for one file can be overwritten by another with the same name when mapping mime types for generated images
#53679 – The media library looks broken on mobile
#53680 – Correct inline documentation about IMAGETYPE_WEBP and IMG_WEBP
#53696 – wp_add_iframed_editor_assets_html() not checking for block editor
#53697 – Possible Regression – Border settings not displaying for Button Block
#53702 – Four css files removed between 5.7.x and 5.8 were not included in $_old_files
#53713 – Bounce underscore.js version in script-loader
#53714 – Bounce jquery.form.js version in script-loader
#53715 – Bounce hoverIntent.js version in script-loader
#53716 – The “/” missing at the end of image tag
#53719 – grunt clean:css does not clean the css/dist folder
#53738 – Broken loop in WP_Theme_JSON_Resolver
#53752 – Twenty Ten: Block patterns file causes error in child themes
#53757 – Widget editor calls get_block_categories() with incorrect arg type
#53769 – Bundled themes: block-patterns.php file should use get_template_directory_uri instead of get_stylesheet_directory_uri
#53773 – /wp-admin/includes/ajax-actions.php file line 3006 is creating divide by zero error
#53777 – Bump bundled theme versions for
#53799 – Remove version-controlled files check from Test Old Branches workflow
#53803 – Customizer: Radio button on background image position selector visible on focus
#53820 – Build doesn’t support Docker Compose V2
#53827 – Increase number of media items displayed when clicking button to “Load More”
#53830 – Default filters try to create nonce during installation before options table exists
#53833 – ‘Replace image’ Media Modal is missing select fields under filter media due to css issues
#53877 – Menus: Selected display locations for new menus aren’t saved
#53898 – Duplicated 404 templates in the TemplatePanel
#53922 – Docblock in get_block_editor_settings function
#53932 – Media grid view doesn’t show all media elements
#53936 – Output of serialize_block_attributes does not match equivalent Gutenberg function
#53955 – Fix and improve the docs for the image_editor_output_format filter
#54030 – Pressing esc in Widgets Editor closes panel in customizer
#54036 – PclZip throwing errors on PHP 8 – previously merged patch is incomplete
#54052 – Block editor package updates for 5.8.1
For more information, read the full report on WordPress Version 5.8.1.