WordPress 6.4.1, a minor maintenance release, was rolled out on November 9, 2023, to fix a critical bug that affected cURL requests in WordPress 6.4. The bug caused some WordPress sites to fail to connect to external services or update plugins and themes.
cURL is a software library that allows WordPress to communicate with other servers using various protocols, such as HTTP, HTTPS, FTP, and SMTP. WordPress uses cURL to perform tasks such as fetching RSS feeds, checking for updates, sending emails, and connecting to third-party APIs.
However, WordPress 6.4, which was released on November 2, 2023, introduced a regression that caused cURL requests to timeout after 10 seconds, regardless of the value set in the
CURLOPT_TIMEOUT option. This meant that any cURL request that took longer than 10 seconds to complete would fail, resulting in errors or unexpected behavior on WordPress sites.
Some of the symptoms of the cURL bug include:
- WordPress sites not being able to check for updates or install new plugins and themes from the WordPress repository or other sources.
- WordPress sites not being able to send or receive emails using SMTP or other protocols that rely on cURL.
- WordPress sites not being able to access external services or APIs that require cURL, such as Google Analytics, Facebook, Twitter, Mailchimp, Stripe, PayPal, and others.
- WordPress sites displaying errors or warnings related to cURL, such as
cURL error 28: Operation timed outor
cURL error 7: Failed to connect.
How did WordPress developers discover and fix the cURL bug?
The cURL bug was first reported by WordPress users on the WordPress support forums and the WordPress core Trac shortly after the release of WordPress 6.4. The bug was traced to a change in the
wp-includes/class-http.php file that was intended to improve the performance of cURL requests by setting the
CURLOPT_CONNECTTIMEOUT option to 10 seconds. However, this option also overrode the
CURLOPT_TIMEOUT option, which was supposed to be set by the
WordPress developers quickly identified the cause of the bug and proposed a patch that reinstated the
wpdb::$use_mysqli property, which was accidentally removed in WordPress 6.4. The property is used to check whether WordPress is using the mysqli or mysql extension to connect to the database, and affects the behavior of cURL requests.
The patch was tested and confirmed to resolve the cURL bug by several WordPress users and contributors. The patch was then merged into the WordPress core and released as WordPress 6.4.1 on November 9, 2023, along with three other minor fixes related to typos, accessibility, and compatibility.
How can WordPress users update to WordPress 6.4.1 and avoid the cURL bug?
WordPress 6.4.1 is a short-cycle release that does not introduce any new features or major changes. It is highly recommended that WordPress users update to WordPress 6.4.1 as soon as possible to avoid the cURL bug and ensure the security and functionality of their sites.
WordPress users can update to WordPress 6.4.1 in one of the following ways:
- Use the WordPress Beta Tester plugin and select the Point Release channel and the Nightlies stream. This will install the latest build of WordPress 6.4.1, which may include additional fixes or improvements.
- Use WP-CLI to update WordPress from the command line:
wp core update (https://wordpress.org/news/2023/11/wordpress-6-4-1-maintenance-release/).
- Download WordPress 6.4.1 from WordPress.org and manually install it on their site:
- Visit their WordPress Dashboard, click “Updates”, and then click “Update Now”.
WordPress users who have sites that support automatic background updates do not need to take any action, as the update process will begin automatically.
WordPress 6.4.1 is a testament to the power and capability of the WordPress community, which was able to discover, report, fix, and release a critical bug fix in less than a week. WordPress users and developers are encouraged to continue to test, report, and contribute to WordPress core development, and to join the communication channels on Slack and Trac.