Next | Query returned 114 messages, browsing 11 to 20 | Previous

CVS Commit History:


   2021-07-17 17:51:33 by Daniel Horecki | Files touched by this commit (2) | Package updated
Log message:
Security update to 5.7.2.

Security issue fixed:
- Object injection in PHPMailer, CVE-2020-36326 and CVE-2018-19296.
   2021-04-23 08:05:55 by Daniel Horecki | Files touched by this commit (2) | Package updated
Log message:
Security update to 5.7.1.

Two security issues affect WordPress versions between 4.7 and 5.7.

- thank you SonarSource for reporting an XXE vulnerability within the media library affecting PHP 8
- thanks Mikael Korpela for reporting a data exposure vulnerability within the latest posts block and REST API
   2021-03-14 18:01:34 by Daniel Horecki | Files touched by this commit (3) | Package updated
Log message:
Update to version 5.7

Highlights of this release:
- block editor changes
- WP Admin: a new color palette
- from HTTP to HTTPS in a single click
- new robots API
- ongoing cleanup after update to jQuery 3.5.1
- lazy-load your iframes

More details here: https://wordpress.org/support/wordpress-version/version-5.7/
   2021-02-28 01:04:11 by Daniel Horecki | Files touched by this commit (3) | Package updated
Log message:
Update to version 5.6.2.

Changes:

5.6.2:
This maintenance release features 5 bug fixes. These bugs affect WordPress version 5.6.1.

WordPress Core changes on Trac:
- #52440: Prevent the "Leave site" browser alert in Classic Editor when post title, excerpt, or post content fields are missing.
- #52018: Avoid a fatal error in PHP 8.0 when the "zip" PHP extension is disabled.

Block editor changes from GitHub and Trac:

- #52396: Image options are not visible in pop up when the clicking replace button from Image block.
- #52449: Can't change font size the 5.6.1 paragraph block.
- GH-26583: Restore block preview within the block inserter.

5.6.1:
This maintenance release features 20 bug fixes as well as 7 issues fixed on the block editor. These bugs affect WordPress version 5.6

WordPress Core changes on Trac:

- #51056: Fetch_feed parsing of permalinks triggers simplepie preg_match warnings
- #52327: Requested updates to the PHP Update Alert
- #51940: The schema for the taxonomy property of a term in the REST API should not include all taxonomies
- #51980: App Passwords: ‘Add New Application Password’ submit button is hidden on mobile devices in ‘User Profile’ page
- #51995: WordPress 5.6: Classic editor menu is not sticky
- #52003: Undefined index: PHP_AUTH_PW /wp-includes/user.php on line 469
- #52013: Duplicate wp_authorize_application_password_form actions
- #52030: Media metaboxes return fatal error if no author metadata present
- #52038: Issue in WooCommerce with wp_editor() after update to WP 5.6
- #52046: The Distraction Free Writing setting on the old Edit Post screen may be reset after page reload
- #52065: Media gallery: ‘Align’ and ‘Link To’ fields missing from ‘Insert from URL’
- #52066: Application Passwords are unusable in combination with password protected /wp-admin
- #52075: Word Count on Classic Editor doesn’t update in real time on Firefox unless saved
- #52097: Site Health Loopback Test doesn’t send admin cookies
- #52135: False positive on `WP_Site_Health_Auto_Updates`
- #52196: wp_get_attachment_metadata() is broken if no first argument is passed in.
- #52205: REST API: Plugins Controller single plugin route fatal errors on multisite
- #52299: Exported user data can be listed with directory listing
- #52351: missing echo function for translate method
- #52391: Gutenberg Updates for 5.6.1

Block editor changes from GitHub:

- #27970: Fix editor crash when registering a block pattern without categories
- #27733: Embed block: Add html and reusable support back
- #27727: Add aria labels to box control component inputs/button
- #27627: HTML Block: Fix editor styles
- #27526: Core Data: Normalize _fields value for use in stableKey
- #26705: Fix: Font size picker does not correctly handles big font sizes.
- #26432: Edit Site: prevent inserter overscroll
   2020-12-11 19:09:09 by Daniel Horecki | Files touched by this commit (3)
Log message:
Update to WordPress 5.6.

List of changes is here: https://wordpress.org/support/wordpress-version/version-5-6/
   2020-11-01 16:06:09 by Daniel Horecki | Files touched by this commit (2) | Package updated
Log message:
Security and maintenance update to version 5.5.3.

5.5.3:

This maintenance release fixes an issue introduced in WordPress 5.5.2
which makes it impossible to install WordPress on a brand new website
that does not have an existing database connection configuration.
This release does not affect sites where a database connection is
already configured, for example, via one-click installers or
an existing wp-config.php file.

5.5.2:

Security updates:
- Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests.
- Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network.
- Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables.
- Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC.
- Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE.
- Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs.
- Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a method to bypass protected meta that could lead to arbitrary file deletion.
- And a special thanks to @zieladam who was integral in many of the releases and patches during this release.

Maintenance updates:
#51130 Events displayed in venue timezone instead of user’s
#51659 Update Gutenberg Dependencies for WordPress 5.5.2
#50861 Remove Facebook and Instagram as an oEmbed Source
#50903 Set the local environment to a development environment type by default
#50949 Posts show wrong time when user is in a different time zone than the site’s
#51053 Video Embeds set to align left disappear in Gutenberg editor
#51175 Wrong reply box title
#51219 Theme editor page showing undefined variable notice
#51251 Fix PHP notice when opening the edit image popup
#51263 PHP warning when editing comments in the administration comment edit screen
#51320 PHP Notice while moving post to trash (post_type has 2 registered taxonomies both with default_term set)
#51400 Undefined index during automatic plugin/theme updates
#51595 Unable to make anonymous comments via XML-RPC
#51645 Undefined index: echo in core files
   2020-09-19 14:29:16 by Daniel Horecki | Files touched by this commit (3) | Package updated
Log message:
Update to WordPress 5.5.1.

Changes:

5.5:
- lazy-loaded images
- new sitemap
- autoupdate of plugins and themes
- block editor:
  - block patterns
  - block directory
  - inline image editing

5.5.1:
WordPress Core changes on Trac:

#50882 - Administration: WP 5.5: Cannot attribute content when deleting users
#50998 - Quick/Bulk Edit: Editing posts using bottom "Bulk actions" dropdown menu doesn't work
#38009 - Comments: #reply-title.comment-reply-title not updating when replying to an individual
#50845 - Editor: Block patterns: Fix translatable strings (take 2)
#50858 - Site Health: Check PHP notices with site_status_tests filter
#50887 - Site Health: Add site environment to debug information
#50892 - Editor: Some block patterns have text contrast issues with dark themes
#50910 - Sitemaps: 5.5 Sitemap URLs are incorrectly paginated
#50912 - Site Health: flags define WP_AUTO_UPDATE_CORE value as an error
#50919 - Script Loader: Change the jquery handle back to an alias for jquery-core
#50933 - Media: Lazy loading in 5.5 causes flashing of custom logo in Firefox
#50945 - Site Health: don't give a warning when upload_max_size is lower than max_post_size
#50988 - Upgrade/Install: Pass details about the specific plugin and theme updates attempted to filters
#50992 - Bootstrap/Load: Remove the ability to alter the list of environment types in wp_get_environment_type()
#50999 - Script Loader: Disable concatenation for scripts with translations to ensure they are printed in the right order
#51011 - Upgrade/Install: Empty string comparison on home option during DB upgrades is invalid
#51018 - Editor: PHP Notice thrown when searching for certain terms via the Gutenberg block directory
#51151 - Editor: Packages update
#51021 - REST API: Permit uniqueItems keyword in endpoint args
#51146 - REST API: Fix multi-type schemas with integer fields
#51029 - Filesystem API: Typo in variable name causes warning from fclose()
#51042 - Post: missing excerpt
#51050 - Docs: Add docblock for get_the_archive_title() filter
#51052 - Administration: Undefined index: update-supported
#51060 - Docs: Update register_rest_route docblock to reflect additions since 5.5
#51064 - Bootstrap/Load: Consider adding "local" as environment on WP_ENVIRONMENT_TYPE
#51073 - Administration: Extra padding below the admin bar
#51075 - Docs: Update docs for custom logo functions
#51122 - Docs: add a mention about the use of loading attribute in wp_get_attachment_image function
#51127 - UI/CSS: Remove non-color related styling from Modern color scheme
#51129 - Upgrade/Install: Only display the auto-update links on the Network Admin > Themes screen for themes that support the feature
#51337 - Template: wp_terms_checklist not checking selected taxonomy items with selected_cats option
#51184 - get_the_date() checks $format only for empty variable and fails on false boolean
#51182 - Theme_Installer_skin::do_overwrite does not work on a Windows server
#38009 - #reply-title.comment-reply-title not updating when replying to an individual
#51123 - commonL10n and other JS globals removed without backwards compatibility
#50848 - Clarify the usage of null for auto_update_{$type} filter
#51081 - Fatal Error - Undefined get_page_templates() in Customizer
#51154 - sitemaps should be initialized before each test is run
#51028 - Dot should be out of the quotes

Block editor changes from GitHub:

PR24609 -  Fix missing selected block highlighting in list view
PR24599 -  Fix specificity for buttons with outline style and background colors
PR24533 -  Fix incorrect aria description in List View
PR24516 -  Fix regression bug for category select in QueryControls component
PR24478 -  Fix tiny editor preview when using Mobile or Tablet options with metaboxes enabled
   2020-06-21 21:02:31 by Daniel Horecki | Files touched by this commit (3) | Package updated
Log message:
Security and maintenance update to WordPress 5.4.2.

Changes:

WordPress versions 5.4 and earlier are affected by the following bugs, which are fixed in version 5.4.2. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.

- Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.
- Props to Luigi – (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
- Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().
- Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads.
- Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation.
- Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.

Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked.

More details on https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
   2020-05-03 14:00:03 by Daniel Horecki | Files touched by this commit (3) | Package updated
Log message:
Update to version 5.4.1.

Changes for 5.4:

Too much to include here, visit https://wordpress.org/support/wordpress-version/version-5-4/

Changes for 5.4.1:

Six security issues affect WordPress versions 5.4 and earlier; version 5.4.1 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.

- Props to Muaz Bin Abdus Sattar and Jannes who both independently reported an issue where password reset tokens were not properly invalidated
- Props to ka1n4t for finding an issue where certain private posts can be viewed unauthenticated
- Props to Evan Ricafort for discovering an XSS issue in the Customizer
- Props to Ben Bidner from the WordPress Security Team who discovered an XSS issue in the search block
- Props to Nick Daugherty from WPVIP.com / WordPress Security Team who discovered an XSS issue in wp-object-cache
- Props to Ronnie Goodrich (Kahoots) and Jason Medeiros who independently reported an XSS issue in file uploads.
- Additionally, an authenticated XSS issue in the block editor was discovered by Nguyen the Duc in WordPress 5.4 RC1 and RC2. It was fixed in 5.4 RC5. We wanted to be sure to give credit and thank them for all of their work in making WordPress more secure.

WordPress 5.4.1 also fixes some regressions introduced in version 5.4:

#49838 – Accessibility: Fix the headings hierarchy on the Freedoms page
#49798 – Customize: Give the WordPress logo a white background for dark mode browsers
#49853 – Mail: Make the check for empty post title in wp-mail.php more resilient
#49753 – Media: Remove display: none; from the (visually hidden) <input type="file"> button used in Plupload to select files for uploading. Fixes selecting files in Edge <= 44 and iOS Safari
#49772 – Privacy: Support additional elements (table, ol, ul) in privacy policy guide new styling
#49802 – Privacy: Make the deprecated wp_get_user_request_data() function available on front end
#49645 – REST API: Fix revisions controller get_item permission check
#49648 – REST API: Fix _fields filtering of registered rest fields
#49824 – Site Health: Instantiation prevents use of some hooks by plugins
#49759 – Taxonomy: Un-deprecate category_link and tag_link filters
#49974 – Block Editor updates
   2020-02-23 10:59:42 by Daniel Horecki | Files touched by this commit (3) | Package updated
Log message:
Update to version 5.3.2.

Changes:

Version 5.3.2:
Maintenance updates
- Date/Time: Ensure that get_feed_build_date() correctly handles a modified post object with invalid date.
- Uploads: Fix file name collision in wp_unique_filename() when uploading a file with upper case extension on non case-sensitive file systems.
- Media: Fix PHP warnings in wp_unique_filename() when the destination directory is unreadable.
- Administration: Fix the colors in all color schemes for buttons with the .active class.
- Tests/build tools: In wp_insert_post(), when checking the post date to set future or publish status, use a proper delta comparison.

Version 5.3.1:
Security fixes
- Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API.
- Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links.
- Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
- Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content.

Maintenance updates
- Administration: improvements to admin form controls height and alignment standardization (see related dev note), dashboard widget links accessibility and alternate color scheme readability issues (see related dev note).
- Block editor: fix Edge scrolling issues and intermittent JavaScript issues.
- Bundled themes: add customizer option to show/hide author bio, replace JS based smooth scroll with CSS (see related dev note) and fix Instagram embed CSS.
- Date/time: improve non-GMT dates calculation, fix date format output in specific languages and make get_permalink() more resilient against PHP timezone changes.
- Embeds: remove CollegeHumor oEmbed provider as the service doesn’t exist anymore.
- External libraries: update sodium_compat.
- Site health: allow the remind interval for the admin email verification to be filtered.
- Uploads: avoid thumbnails overwriting other uploads when filename matches, and exclude PNG images from scaling after upload.
- Users: ensure administration email verification uses the user’s locale instead of the site locale.
