WordPress 5.3.1 Includes Security and Bug Fixes, Accessibility Enhancements, and Twenty Twenty Changes

WordPress 5.3.1 was released today with 46 bug fixes and enhancements. Changes include several accessibility improvements and four security vulnerability fixes. The update includes multiple changes to the default Twenty Twenty theme.

Version 5.3.1 is a security and maintenance release. All users are encouraged to update as soon as possible. For those with auto-updates enabled, updates are currently rolling out. All major branches of WordPress from version 3.7 through 5.3 received the new security fixes.

The following security issues were addressed:

  • Users without the correct permission (capability) could make a post sticky via the REST API.
  • An issue where cross-site scripting (XSS) could be stored in links.
  • Hardening the wp_kses_bad_protocol() function so that it is aware of the named colon attribute.
  • A stored XSS vulnerability using block editor content.
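
The wp_kses_bad_protocol() item above concerns allow-list checks on URL schemes. As an added illustration (not WordPress core code, and assuming "named colon" refers to the HTML character reference `&colon;`), this PHP example contrasts a scheme check that only recognizes a literal colon with one that decodes entities first. The function names, allow-list and sample values are constructed.

```php
<?php
// Added illustration, not WordPress core code.
// Assumption: "named colon" means the HTML character reference "&colon;".

const ALLOWED_SCHEMES = ['http', 'https', 'mailto']; // constructed allow-list

/** Weak check: only a literal ":" is treated as the scheme separator. */
function scheme_literal_only(string $url): ?string
{
    return preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)
        ? strtolower($m[1])
        : null;
}

/** Hardened check: decode every spelling of ":" a browser accepts first. */
function scheme_entity_aware(string $url): ?string
{
    // With ENT_HTML5 this resolves &colon;, &#58; and &#x3A; to ":".
    $decoded = html_entity_decode($url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    // Strip control characters and whitespace before looking for the scheme.
    $decoded = preg_replace('/[\x00-\x20]+/', '', $decoded);
    return scheme_literal_only($decoded);
}

function is_allowed(?string $scheme): bool
{
    // No scheme means a relative URL, which is kept.
    return $scheme === null || in_array($scheme, ALLOWED_SCHEMES, true);
}

// Constructed sample href values.
$samples = [
    'https://example.org/page',
    '/relative/path',
    'javascript:void(0)',
    'javascript&colon;void(0)',
    'javascript&#58;void(0)',
    'javascript&#x3A;void(0)',
];

foreach ($samples as $href) {
    printf(
        "%-28s literal-only: %-6s entity-aware: %s\n",
        $href,
        is_allowed(scheme_literal_only($href)) ? 'keep' : 'strip',
        is_allowed(scheme_entity_aware($href)) ? 'keep' : 'strip'
    );
}
```

The three entity-encoded samples pass the literal-only check as if they were relative URLs, while the entity-aware check strips them; a browser decodes the entity inside an attribute value, so the filter has to see the same string the browser will.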

Most of the release focused on maintenance. Form fields and buttons now have the same height, which should result in a more consistent admin UI. This has long been an issue, but the accessibility changes in WordPress 5.3 highlighted the problem.

A bug with how permalinks were generated with the new Date/Time changes in WordPress 5.3 has been fixed. This left some sites using date-based URLs with incorrect post permalinks.

Other changes include removing support for the CollegeHumor oEmbed provider (the site is no longer available), updating the sodium_compat library, and making sure admin verification emails use the user’s locale instead of the site’s locale. For a full overview of all changes, visit the WordPress 5.3.1 release page.

Accessibility Improvements

“Coffee” color scheme with new button colors.

Some of the biggest accessibility changes fixed issues with the alternate admin color schemes available in WordPress. The accessibility improvements to buttons in WordPress 5.3 did not get carried over to most of the alternate schemes. Or, rather, those alternate color schemes were not taken into account when the changes went into effect. This left secondary button elements practically unreadable in some cases, which made accessibility worse.

Version 5.3.1 creates a unified design for secondary buttons for every color scheme. It also makes sure that the :active state for buttons is consistent.

Other improvements to accessibility include adding underlines to links on the Dashboard screen that were not clearly links by context, properly disabling nav menu forms when they should not be in use, and adding hover effects for links on the “About” admin screens.

Twenty Twenty Changes

Author bio option in the customizer.

The Twenty Twenty theme launched with JavaScript-based, smooth-scroll behavior for anchor links. This feature did not work correctly in all cases. It also broke anchor links to individual comments when paginated comments were enabled on a site.

Version 1.1 of Twenty Twenty includes CSS-based, smooth-scroll behavior. This greatly simplifies the code by using native behavior. It also works based on the user’s reduced motion setting for their browser, which enhances accessibility for the theme.

The theme update comes packaged with a new option for showing or hiding the post author bio. The setting is available under the “Theme Options” section in the customizer. It is enabled by default and will show the author bio section at the end of every post across the site.

The Twenty Twenty update also includes several bug fixes, most of which were trivial issues.

14 responses to “WordPress 5.3.1 Includes Security and Bug Fixes, Accessibility Enhancements, and Twenty Twenty Changes”

  1. Hurray to the accessibility fixes for alternate colour schemes! Buttons have been looking bizarre on my dashboard since 5.3.

    About the Twenty Twenty theme, it actually uses Times New Roman for post content on Windows, which shows that probably no one on the theme development/testing team ventures outside macOS.

    • Garamond should pick up for most Windows users today and fall back to Times New Roman. But, I’ll take Times New Roman any day over Baskerville Old Face, which was used for Twenty Nineteen. That was a long year trying to read blogs running that theme. At least it finally got fixed a few months ago.

      • Garamond hasn’t shipped on any Microsoft product since Office 2010. Users of Adobe apps might have it (though I don’t have any Adobe apps and can’t confirm).
        https://docs.microsoft.com/en-us/typography/font-list/garamond

        Microsoft did introduce two serif typefaces called Cambria and Constantia in Vista, which should probably be used over TNR for serif text. There are also popular Google font options like Source Serif Pro and Noto Serif. TNR looks jarring and lazy next to Inter, the excellent sans serif being used for headers.

        • I’m not disagreeing with you. I’m just being thankful for the small mercy of not having to make an attempt to read Baskerville Old Face for body copy.

  2. Happy with the bug fixes I see above. I think WordPress should also focus on enhancing the SEO of its users within the dashboard. I think it will be very helpful.

    • It is a performance feature in the Jetpack plugin. I wouldn’t recommend installing Jetpack for this single feature though because it is a large plugin. However, if you already use it or need several more features from the plugin, it might be worth it.

  3. This security patch kills our links to local files when they are opened in a new tab!!! :-(((((
    <a href="file://////file.txt"> will be destroyed to <a href="//////file.txt"> and the links do not work anymore!
    This happens to every post edited/modified with WP 5.3.1.
    Please fix that bug as soon as possible!!

  4. This update broke my site. It stripped all previous featured images in the classic layout (vs. the Gutenberg style), meaning more than 1,000 articles now don’t have a featured image. How do I fix this?

    • Revert the update. Try updating on a dev environment and troubleshoot there with your host.

  5. That is one great thing I love about WordPress, they always release updates to fix bugs and don’t play with security issues and enhancements.

    I also love the new dashboard layout and design. Big Up!
