WordPress.org

WordPress 4.3.1 Security and Maintenance Release

Posted September 15, 2015 by Samuel Sidler. Filed under Releases, Security.

WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation.

  • WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point.
  • A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team.
  • Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check Point.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.3.1 also fixes twenty-six bugs. For more information, see the release notes or consult the list of changes.

Download WordPress 4.3.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.3.1.

Thanks to everyone who contributed to 4.3.1:

Adam Silverstein, Andrea Fercia, Andrew Ozz, Boone Gorges, Brandon Kraft, chriscct7, Daisuke Takahashi, Dion Hulse, Dominik Schilling, Drew Jaynes, dustinbolton, Gary Pendergast, hauvong, James Huff, Jeremy Felt, jobst, Marin Atanasov, Nick Halsey, nikeo, Nikolay Bachiyski, Pascal Birchler, Paul Ryan, Peter Wilson, Robert Chapin, Samuel Wood, Scott Taylor, Sergey Biryukov, tmatsuur, Tracy Levesque, Umesh Nevase, vortfu, welcher, Weston Ruter

WordPress 4.3 “Billie”

Posted August 18, 2015 by Matt Mullenweg. Filed under Releases.


Version 4.3 of WordPress, named “Billie” in honor of jazz singer Billie Holiday, is available for download or update in your WordPress dashboard. New features in 4.3 make it even easier to format your content and customize your site.


Menus in the Customizer

Create your menu, update it, and assign it, all while live-previewing in the customizer. The streamlined customizer design provides a mobile-friendly and accessible interface. With every release, it becomes easier and faster to make your site just the way you want it.


Formatting Shortcuts

Your writing flow just got faster with new formatting shortcuts in WordPress 4.3. Use asterisks to create lists and number signs to make a heading. No more breaking your flow; your text looks great with a * and a #.


Site Icons


 
Site icons represent your site in browser tabs, bookmark menus, and on the home screen of mobile devices. Add your unique site icon in the customizer; it will even stay in place when you switch themes. Make your whole site reflect your brand.


Better Passwords


 
Keep your site more secure with WordPress’ improved approach to passwords. Instead of receiving passwords via email, you’ll get a password reset link. When you add new users to your site or edit a user profile, WordPress will automatically generate a secure password.


Other improvements

  • A smoother admin experience – Refinements to the list view across the admin make your WordPress more accessible and easier to work with on any device.
  • Comments turned off on pages – All new pages that you create will have comments turned off. Keep discussions to your blog, right where they’re supposed to happen.
  • Customize your site quickly – Wherever you are on the front-end, you can click the customize link in the toolbar to swiftly make changes to your site.

The Team

This release was led by Konstantin Obenland, with the help of these fine individuals. There are 246 contributors with props in this release. Pull up some Billie Holiday on your music service of choice, and check out some of their profiles:

@mercime, Aaron D. Campbell, Aaron Jorbin, Adam Heckler, Adam Silverstein, Aki Bjorklund, Alex Kirk, Alex Mills (Viper007Bond), Alex Shiels, Alin Marcu, andfinally, Andrea Fercia, Andrea Gandino, Andrew Nacin, Andrew Ozz, Andy Fragen, Ankit K Gupta, Anthony Burchell, anubisthejackle, Aram Zucker-Scharff, Arjun S Kumar, avnarun, Bad Feather, Ben Cole, Ben Dunkle, BinaryKitten, Birgir Erlendsson (birgire), Bjorn Johansen, bolo1988, Boone B. Gorges, Brad Touesnard, Bram Duvigneau, Brandon Kraft, Brian Krogsgard, Brian Layman, Caleb Burks, CalEvans, Chase Wiseman, Chip Bennett, Chouby, Chris Olbekson, chriscct7, Craig Ralston, Daisuke Takahashi, Daniel Bachhuber, Daniel Jalkut (Red Sweater), Daniele Mte90 Scasciafratte, daniluk4000, Dave McHale, DaveAl, David A. Kennedy, David Herrera, daxelrod, Denis de Bernardy, Dennis Ploetner, Derek Herman, Dion Hulse, dipesh.kakadiya, dmsnell, Dominik Schilling, Drew Jaynes, dustinbolton, Dzikri Aziz, eclev91, eligijus, Elio Rivero, Ella Iseulde Van Dorpe, Eric Andrew Lewis, Eric Binnion, Eric Mann, Fabien Quatravaux, Felix Arntz, francoeurdavid, Frank Klein, gabrielperezs, Garth Mortensen, Gary Jones, Gary Pendergast, George Stephanis, glennm, gtuk, hailin, hauvong, Helen Hou-Sandí, henrikakselsen, Hinaloe, Hrishikesh Vaipurkar, Hugo Baeta, Iain Poulson, imath, Ipstenu (Mika Epstein), isaacchapman, izem, J.D. Grimes, Jack Lenox, jadpm, James Huff, jamesgol, jancbeck, Jeff Farthing, Jeremy Felt, Jeremy Pry, Jeremy Ward, Jesin A, jipmoors, jjberry, Jobst Schmalenbach, Joe Dolson, Joe Hoyle, Joe McGill, Joey Kudish, John Blackbourn, John James Jacoby, John Leschinski, Joost de Valk, Josh Davis, Jpyper, jrf, Julio Potier, Justin Sternberg, Kai, karinchristen, karpstrucking, Kelly Dwan, Kevin Koehler, kitchin, Kite, Konstantin Kovshenin, Lance Willett, Lee Willis, Leo Gopal, loushou, Lumaraf, Marin Atanasov, Mario Peshev, Marius (Clorith), Mark Jaquith, Marko Heijnen, marsjaninzmarsa, martinsachse, Matt Mullenweg, Matt van Andel, Matt Wiebe, mattyrob, Mel Choyce, Michael, Michael Adams (mdawaffe), Michael Arestad, michaelryanmcneill, Mickey Kay, mihai, Mike Hansen, Mike Nelson, Mike Schroder, Milan Dinic, Morgan Estes, mrutz, nabil_kadimi, Naoko Takano, Nazmul Hossain Nihal, nicholas_io, Nick Halsey, Nick Momrik, nikeo, Nikolay Bachiyski, Nilambar Sharma, Onni Hakala, Ozh, Paresh Radadiya, Pascal Birchler, Paul Gibbs, Paul Ryan, Paul Wilde, pavelevap, Pete Nelson, Peter Wilson, PeterRKnight, Philip Arthur Moore, Pippin Williamson, posykrat, pragunbhutani, Rachel Baker, Rami Yushuvaev, rarylson, Rastislav Lamos, rauchg, Ravinder Kumar, RC Lations, Reuben Gunday, Rian Rietveld, Ritesh Patel, Robert Chapin, Robert Dall, Rodrigo Primo, Rommel Castro, Ross Wintle, Rouven Hurling, Ryan Boren, Ryan Marks, Ryan McCue, Ryan Neudorf, Ryan Welcher, Sagar Jadhav, Sal Ferrarello, Samir Shah, santagada, Scott Kingsley Clark, Scott Reilly, Scott Taylor, scribu, scruffian, Sean Hayes, Sebastian, Sergey Biryukov, Shawn Hooper, Sheri Bigelow, Simon Wheatley, Siobhan, Stanko Metodiev, Stephane Daury (stephdau), Stephen Edgar, Steve Grunwell, Steven Word, stuartshields, Sudar, Sunny Ratilal, taka2, tharsheblows, Thor Brink, Tim Smith, tlexcellent, tmatsuur, TobiasBg, Tomas Mackevicius, TomHarrigan, Toro_Unit (Hiroshi Urabe), Toru Miki, Tracy (LilJimmi) Levesque, Tryon Eggleston, Ty Carlson, Udit Desai, Umesh Nevase, vivekbhusal, vortfu, Weston Ruter, Will Norris, willgladstone, William Earnhardt, willstedt, Yoav Farhi, Yuri Salame, Zach Wills, Zack Katz, and Zack Tollman.

 

Special thanks go to Siobhan McKeown for producing the release video, Hugo Baeta for the design, and Jack Lenox for the voice-over.

Finally, thanks to all of the contributors who provided subtitles for the release video, which at last count had been translated into 30 languages!

If you want to follow along or help out, check out Make WordPress and our core development blog. Thanks for choosing WordPress. See you soon for version 4.4!

WordPress 4.2.4 Security and Maintenance Release

Posted August 4, 2015 by Samuel Sidler. Filed under Releases, Security.

WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.2.4 also fixes four bugs. For more information, see the release notes or consult the list of changes.

Download WordPress 4.2.4 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.4.

Already testing WordPress 4.3? The second release candidate is now available (zip) and it contains these fixes. For more on 4.3, see the RC 1 announcement post.

WordPress 4.3 Release Candidate

Posted July 29, 2015 by Konstantin Obenland. Filed under Development, Releases.

The release candidate for WordPress 4.3 is now available.

We’ve made more than 100 changes since releasing Beta 4 a week ago. RC means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.3 on Tuesday, August 18, but we need your help to get there.

If you haven’t tested 4.3 yet, now is the time!

Think you’ve found a bug? Please post to the Alpha/Beta support forum. If any known issues come up, you’ll be able to find them here.

To test WordPress 4.3 RC1, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip).

For more information about what’s new in version 4.3, check out the Beta 1, Beta 2, Beta 3, and Beta 4 blog posts.

Developers, please test your plugins and themes against WordPress 4.3 and update your plugin’s Tested up to version in the readme to 4.3 before next week. If you find compatibility problems, we never want to break things, so please be sure to post to the support forums so we can figure those out before the final release.

Be sure to follow along the core development blog, where we’ll continue to post notes for developers for 4.3.

Three months of work
The goal finally in sight
Soon I'll have vacation!

WordPress 4.2.3 Security and Maintenance Release

Posted July 23, 2015 by Gary Pendergast. Filed under Releases, Security.

WordPress 4.2.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was initially reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team, and later reported by Jouko Pynnönen.

We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from Check Point Software Technologies.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information, see the release notes or consult the list of changes.

Download WordPress 4.2.3 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.3.

Thanks to everyone who contributed to 4.2.3:

Aaron Jorbin, Andrew Nacin, Andrew Ozz, Boone Gorges, Chris Christoff, Dion Hulse, Dominik Schilling, Ella Iseulde Van Dorpe, Gabriel Pérez, Gary Pendergast, Mike Adams, Robert Chapin, Nikolay Bachiyski, Ross Wintle, and Scott Taylor.

WordPress 4.3 Beta 4

Posted July 22, 2015 by Konstantin Obenland. Filed under Development, Releases.

WordPress 4.3 Beta 4 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.3, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

For more information about what’s new in version 4.3, check out the Beta 1, Beta 2, and Beta 3 blog posts. Some of the changes in Beta 4 include:

  • Fixed several bugs and broken flows in the publish box in the edit screen.
  • Addressed a number of edge cases for word count in the editor.
  • Site icons can now be previewed within the customizer. The feature has been removed from general settings.
  • Various bug fixes. We’ve made more than 60 changes in the last week.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable writing a bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed.

Few Tickets Remain
Edge Cases Disappearing
You Must Test Today

WordPress 4.3 Beta 3

Posted July 15, 2015 by Konstantin Obenland. Filed under Development, Releases.

WordPress 4.3 Beta 3 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.3, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

For more information about what’s new in version 4.3, check out the Beta 1 and Beta 2 blog posts. Some of the changes in Beta 3 include:

  • Performance improvements for Menus in the Customizer, as well as bug fixes and visual enhancements.
  • Added Site Icon to the Customizer. The feature is now complete and requires lots of testing. Please help us ensure the site icon feature works well in both Settings and the Customizer.
  • The improvements to Passwords have been added to the installation flow. When installing and setting up WordPress, a strong password will be suggested to site administrators. Please test and let us know if you encounter issues.
  • Improved accessibility of comments and media list tables. If you use a screen reader, please let us know if you encounter any issues.
  • Lots and lots of code documentation improvements.
  • Various other bug fixes. We’ve made more than 140 changes in the last week.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable writing a bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed.

Want to test new things?
Wonder how four three shapes up?
Answer: beta three

WordPress 4.3 Beta 2

Posted July 8, 2015 by Konstantin Obenland. Filed under Development, Releases.

WordPress 4.3 Beta 2 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.3, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

For more information about what’s new in version 4.3, check out the Beta 1 blog post. Some of the changes in Beta 2 include:

  • Fixed an issue in beta 1 where an alert appeared when saving or publishing a new post/page for the first time.
  • Customizer improvements including enhanced accessibility, smoother menu creation and location assignment, and the ability to handle nameless menus. Please help us test menus in the Customizer to fix any remaining edge cases!
  • More robust list tables with full content support on small screens and a fallback for the primary column for custom list tables. We’d love to know how these list tables, such as All Posts and Comments, work for you now on small screen devices.
  • The Site Icon feature has been improved so that cropping is skipped if the image is the exact size (512px square) and the media modal now suggests a minimum icon size. Please let us know how the flow feels and if you encounter any glitches!
  • The toolbar now has a direct link to the customizer, along with quick access to themes, widgets, and menus in the dashboard.
  • We enabled utf8mb4 for MySQL extension users, which was previously unintentionally limited to MySQLi users. Please let us know if you run into any issues.
  • Various bug fixes. We’ve made almost 100 changes in the last week.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable writing a bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed.

Edges polished up
Features meliorated
Beta Two: go test!

WordCamps Update

Posted by Andrea Middleton. Filed under Community, Events.

Last week saw the halfway point for 2015, yay! This seems like a good time to update you on WordCamp happenings in the first half of this year.

There have been 39 WordCamps in 2015 so far, with events organized in 17 different countries and on 5 continents. More than 14,000 people have registered for WordCamp tickets so far this year, isn’t that amazing?

WordCamp Europe was held in Seville, Spain just a few weeks ago, with close to 1,000 registered participants and over 500 live stream participants. You can watch Matt Mullenweg’s keynote Q&A session from WordCamp Europe right now on WordPress.tv.

WordPress.tv has published 537 videos so far in 2015 from WordCamps around the world. Some of the more popular 2015 WordCamp talks on WordPress.tv include Tammie Lister: Theme, Don’t Be My Everything from WordCamp Maui, Jenny Munn: SEO for 2015 – What’s In, What’s Out and How to Be In It to Win It (For Good) from WordCamp Atlanta, Fabrice Ducarme: Les Constructeurs de Page pour WordPress from WordCamp Paris, Ben Furfie: How to Value Price Websites from WordCamp London, and Morten Rand-Hendriksen: Building Themes From Scratch Using Underscores (_S) from WordCamp Seattle. Check them out!

Lots of great WordCamps are still to come

WordCamp US is currently in pre-planning, in the process of deciding on a host city. The following cities have proposed themselves as a great place to host the first WordCamp US: Chattanooga, Chicago, Detroit, Orlando, Philadelphia, and Phoenix. It’s possible the first WordCamp US will be held in 2016 so we can organize the best first WordCamp US imaginable.

At this time, there are 28 WordCamps, in 9 different countries, that have announced their dates for the rest of 2015. Twelve of these have tickets on sale:

The other 16 events don’t have tickets on sale yet, but they’ve set their dates! Subscribe to the sites to find out when registration opens:

On top of all those exciting community events, there are 26 WordCamps in pre-planning as they look for the right event space. If you have a great idea for a free or cheap WordCamp venue in any of the below locations, get in touch with the organizers through the WordCamp sites:

Don’t see your city on the list, but yearning for a local WordCamp? WordCamps are organized by local volunteers from the WordPress community, and we have a whole team of people to support new organizers setting up a first-time WordCamp. If you want to bring WordCamp to town, check out how you can become a WordCamp organizer!

WordPress 4.3 Beta 1

Posted July 2, 2015 by Konstantin Obenland. Filed under Development, Releases.

WordPress 4.3 Beta 1 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.3, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

4.3 is due out next month, but to get there, we need your help testing what we’ve been working on:

  • Menus can now be managed with the Customizer, which allows you to live preview changes you’re making without changing your site for visitors until you’re ready. We’re especially interested to know if this helps streamline the process of setting up your site (#32576).
  • Take control of another piece of your site with the Site Icon feature. You can now manage your site’s favicon and app icon from the admin area (#16434).
  • We put a lot of work into Better Passwords throughout WordPress. Now, WordPress will limit the lifetime of password resets, no longer send passwords via email, and generate and suggest secure passwords for you. Try it out and let us know what you think! (#32589)
  • We’ve also added Editor Improvements. Certain text patterns are automatically transformed as you type, including * and - transforming into unordered lists, 1. and 1) for ordered lists, > for blockquotes and two to six number signs (#) for headings (#31441).
  • We’ve improved the list view across the admin dashboard. Now, when you view your posts and pages on small screen devices, columns are not truncated and can be toggled into view (#32395).

Developers: There have been a few changes for you to test as well, including:

  • Taxonomy Roadmap: Terms shared across multiple taxonomies will now be split into separate terms on update to 4.3. Please let us know if you hit any snags (#30261).
  • Added singular.php to the template hierarchy as a fallback for single.php and page.php. (#22314).
  • The old Distraction Free Writing code was removed (#30949).
  • List tables now can (and often should) have a primary column defined. We’re working on a fallback for existing custom list tables but right now they likely have some breakage in the aforementioned responsive view (#25408).

If you want a more in-depth view of what changes have made it into 4.3, check out all 4.3-tagged posts on the main development blog.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed so far.

Happy testing!

Site icons for all
Live preview menu changes
Four three beta now
