WordPress is a free and open-source Content Management System (CMS), popular among webmasters.
While it was originally developed as a system to publish blogs, the CMS has since evolved to support other types of media contents, to then become one of the most capable CMS in the market. And with its flexibility, WordPress becomes one of the most popular platforms for creating websites.
But its flexibility does have some disadvantages, one of which, is its automatic update feature.
A major WordPress version is dictated by its first two sequences. For example, 3.5 is a major release. So is 3.6, 3.7, all the way up to 4.0. Version 4.0 is no different than 3.9 and 4.1. There isn’t a “WordPress 3” or “WordPress 4”. Typically, major versions allow backward compatibility.
The number that comes after the two sequenced number, marks a minor release. For example, version 3.9.1 is a minor release, and so does the 3.8.2 release.
And this time, a series of missteps happened.
The WordPress development team pushed out a WordPress 5.5.2, which introduced minor fix that include Cross Site Request Forgeries prevention, as well as XSS (Cross Site Scripting) prevention, and more.
The team pushed it out on October 29, 2020 during a routine update that was meant to address some of WordPress' critical issues.
But this minor release however, also introduced a fatal bug that can cause new WordPress installation to fail.
“WordPress 5.5.2 …makes it impossible to install WordPress on a brand new website that does not have a database connection configured. This release does not affect sites where a database connection is already configured, for example, via one-click installers or an existing wp-config.php file.”
To prevent damage, the team quickly stopped version 5.5.2 from rolling out to more sites.
Since WordPress 3.7, website owners don't have to do anything to update minor versions because WordPress can push the updates automatically to their websites. The team had to stop the release because there was no formal documentation on how to stop a WordPress automatic background update.
Unfortunately, this was when a rogue update pushed itself out automatically.
When the team prevented version 5.5.2 from pushing out, and started making themselves busy in getting WordPress 5.5.3 ready for public release, the automated system on the WordPress platform apparently selected an alpha version of WordPress 5.5.3
In software releases, the term "alpha" is meant for software that is still in its early development cycle.
The term is often used for software that is only meant for tests and for developers who know what they are doing.
Alpha releases can be functional, but are unpolished, buggy, lacks some features, unstable and may have several usability issues. Alpha version of a software release comes before "beta", which is a more polished version of alpha.
This is why pushing out an alpha release to the public can cause catastrophe.
In this case, the WordPress 5.5.3 alpha introduced additional WordPress themes among other things.
While the newly added features don't have real issues (at least until when the team realized their missteps), problems can happen if website owners who use the 5.5.3 alpha and chose to not delete the theme will be burdened with having to keep updating them frequently.
Failure to update those themes could pose real security risks in the future.
What's more, the team also erroneously labeled it as version 5.4.3.
"The 5.5.3-alpha version at this point was functionally identical to 5.5.2 as no development work had been started on 5.5.3, however the following changes may have been made: The default 'Twenty' themes installed as part of the pre-release package. The 'Akismet' plugin installed as part of the pre-release package," explained WordPress in a support page.
This incident here is kind of rare.
Fortunately for the WordPress team, version 5.5.3 is a minor release that doesn't introduce anything much. What this means, the bugs aren't as devastating as bugs on major releases.
After the team managed to replace the 5.5.3 alpha, the WordPress 5.5.3 maintenance release contains “thanks and props” to the development team for fixing the problems that they introduced.
According to the official technical details post:
"The release system is complicated, and trying to do things with it that haven’t been anticipated and documented led to unexpected results. This will be improved through documentation and better code and management of the release system itself.”