This release is based on the WordPress 5.2 release and includes the newly introduced features in it, WSOD recovery, site health page, and enhanced signature verification for themes and plugins being downloaded from wordpress.org where applicable.
We do not expect to port any new features from WordPress for the 1.0 release, only bug fixes.
Other major changes include:
Elimination of Gravatar as a source for comment and user avatars
Gravatar is a source of obvious privacy violations, as it lets Auttomatic track people surfing the sites that use it. It can also be used for the deception of who is the actual author of a comment, and it is relatively easy to extract the actual email address from its URLs.
Two different methods are employed to generate avatars that can be used in the places where gravatar is currently being used
- As a default, use the modern approach to generating avatars based on the commenter/user name with some background color which can be used as a “random” factor to help differentiate between people with the same name.
The current implementation goes with a simple color scheme that ensures high contrast. - Each registered user which can upload images can set its own image avatar which will be used on the admin side and for the comment he leaves. An admin can upload and configure an image for users who do not have upload files permission.
The future goal is to relax the restriction and let all users upload their own avatar image.
Explicitly enable other sites to embed content from your site
The functionality should have probably just been moved to a core plugin, but as first step there is now a possibility to control the feature from the “reading” setting screen, with the default state being “off”.
Disable comments feeds, outdated feed protocols, and allow turning feeds off
Comment feeds never made much sense, and with all browsers deprecating support for “life” feeds, its questionable utility had dropped to zero.
Out of the post feed types, RSS2 seems to be the most widely used, with easy integration with critical services like MailChimp, which seems to be a good reason to keep it in the core. Other feed types, with the exception of ATOM, are just an anachronism not being used by anyone and were removed. ATOM might still have value to someone and therefore it is not removed but relegated to a core plugin.
In addition, under the belief that nothing except for web publishing should be “on” by default, the ability to control whether the site has feeds at all was added and it is implemented by setting the number of posts in a feed to zero (which is the default setting).
The RSS widget and the simplepie library moved into the core plugin
RSS is just not a very flexible way to get infomation from external sites which limits the ability to do anything which is not very trivial with it.
As it is still easier to use over designing your own data exchange protocol and therefore has some utility, we keep supporting the functionality, but as a plugin and not in the core itself.
Setting post excerpts moved to a core plugin
Real life experience shows that you want to show different excerpts in different contexts, therefore the idea that a post has one canonical excerpt is just a fail.
Keeping the functionality as a core plugin for people that migrate from sites that already have the excerpt set and need to be able to manage it.