Bedrock 1.12.5 Released

Bedrock 1.12.5 has been released with a minor change to development environments as of WordPress 5.2.

This update prevents the new WordPress’ built-in fatal error handler from running on development. Bedrock 1.12.4 was also released last week with a few other changes:

  • Update to WordPress 5.2 (#432)
  • Configure WP-CLI wp server webroot (#427)
  • Fix issue with bedrock_autoloader option (#386)

WordPress 5.2 introduced a Site Health Status page from the Tools menu which isn’t accessible on non-development Bedrock environments due to a new bug: Site Health: not showing if DISALLOW_FILE_MODS is set to true. It looks like WordPress core will have this fixed in 5.2.1.

Signature verification in WordPress 5.2

Paragon Initiative Enterprises wrote about the new signature verification in WordPress 5.2:

Before WordPress 5.2, if you wanted to infect every WordPress site on the Internet (approximately 33.8% of websites as of this writing), you just had to hack their update server. Upon doing so, you can trick the automatic update feature into downloading and installing arbitrary code, which allows you to do all sorts of nefarious things (e.g. build the world’s largest DDoS botnet).

After WordPress 5.2, you would need to pull off the same attack and somehow pilfer the signing key from the WordPress core development team.

The work that went into WordPress 5.2 started many years ago and only covers core updates. Themes and plugins are still not cryptographically signed.

Development updates in WordPress 5.2

Some of the development updates in WordPress 5.2 include:

  • The minimum supported PHP version is now 5.6.20
  • Addition of wp_body_open hook (you must update your theme to add the hook within the body tag)

Thank you

Thanks for the code and review contributions in the latest Bedrock releases from:

Start the discussion on Roots Discourse

Help support our open-source development efforts

Help grow Roots

Join over 6,000 subscribers on our newsletter to get the latest Roots updates, along with occasional tips on building better WordPress sites.

Looking for WordPress plugin recommendations, the newest modern WordPress projects, and general web development tips and articles?

“Easily the best WordPress email I get.” Colin OBrien

Follow us on Twitter @rootswp

Ready to checkout?