diff --git a/wp-includes/compat.php b/wp-includes/compat.php
index 24da0adc3e..212ff8e332 100644
--- a/wp-includes/compat.php
+++ b/wp-includes/compat.php
@@ -228,15 +228,18 @@ if ( !function_exists('json_decode') ) {
 
 if ( ! function_exists( 'hash_equals' ) ) :
 /**
- * Compare two strings in constant time.
+ * Timing attack safe string comparison
+ *
+ * Compares two strings using the same time whether they're equal or not.
  *
  * This function was added in PHP 5.6.
- * It can leak the length of a string.
+ *
+ * Note: It can leak the length of a string when arguments of differing length are supplied.
  *
  * @since 3.9.2
  *
  * @param string $a Expected string.
- * @param string $b Actual string.
+ * @param string $b Actual, user supplied, string.
  * @return bool Whether strings are equal.
  */
 function hash_equals( $a, $b ) {
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 10dc4327b1..40f36e2229 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.5-alpha-35804';
+$wp_version = '4.5-alpha-35805';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
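Review bot: The new length-leak note in the `hash_equals` docblock says when the leak occurs but not which string's length is exposed or what a caller should do about it. Since `$a` is documented as the expected value, I would add a line such as ` * Callers should compare fixed-length values (for example HMAC digests) so that the length of $a reveals nothing.` The new summary line also lacks its closing period; it should read ` * Timing attack safe string comparison.` to match the other docblock sentences. The function body lies outside this hunk, so whether the implementation actually treats `$a` and `$b` asymmetrically cannot be confirmed from here and the wording should be checked against it.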