WordPress.org

WordPress 3.3.2 (and WordPress 3.4 Beta 3)

Posted April 20, 2012 by Andrew Nacin. Filed under Development, Releases, Security.

WordPress 3.3.2 is available now and is a security update for all previous versions.

Three external libraries included in WordPress received security updates:

  • Plupload (version 1.5.4), which WordPress uses for uploading media.
  • SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
  • SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.

Thanks to Neal Poole and Nathan Partlan for responsibly disclosing the bugs in Plupload and SWFUpload, and Szymon Gruszecki for a separate bug in SWFUpload.

WordPress 3.3.2 also addresses:

  • Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances, disclosed by Jon Cave of our WordPress core security team, and Adam Backstrom.
  • Cross-site scripting vulnerability when making URLs clickable, by Jon Cave.
  • Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs. Thanks to Mauro Gentile for responsibly disclosing these issues to the security team.

These issues were fixed by the WordPress core security team. Five other bugs were also fixed in version 3.3.2. Consult the change log for more details.

Download WordPress 3.3.2 or update now from the Dashboard → Updates menu in your site’s admin area.

WordPress 3.4 Beta 3 also available

Our development of WordPress 3.4 development continues. Today we are proud to release Beta 3 for testing. Nearly 90 changes have been made since Beta 2, released 9 days ago. (We are aiming for a beta every week.)

This is still beta software, so we don’t recommend that you use it on production sites. But if you’re a plugin developer, a theme developer, or a site administrator, you should be running this on your test environments and reporting any bugs you find. (See the known issues here.) If you’re a WordPress user who wants to open your presents early, take advantage of WordPress’s famous 5-minute install and spin up a secondary test site. Let us know what you think!

Version 3.4 Beta 3 includes all of the fixes included in version 3.3.2. Download WordPress 3.4 Beta 3 or use the WordPress Beta Tester plugin.

WordPress 3.4 Beta 2

Posted April 12, 2012 by Jen. Filed under Releases.

Howdy, folks! Another week, another beta. Since we released Beta 1 last week, we’ve committed more than 60 bug fixes and feature adjustments based on testing and feedback. If you’ve been testing Beta 1, please update to Beta 2 to make sure things are still working for you. If you are a theme or plugin author and have not yet started testing your code against the 3.4 beta, now’s the perfect time to start. And as always, if you find any bugs, let us know! Full details on testing and bug reporting can be found in last week’s Beta 1 post.

Download WordPress 3.4 Beta 2

WordPress 3.4 Beta 1

Posted April 5, 2012 by Jen. Filed under Releases.

WordPress 3.4 is ready for beta testers!

As always, this is software still in development and we don’t recommend that you run it on a production site — set up a test site just to play with the new version. If you break it (find a bug), please report it, and if you’re a developer, try to help us fix it.

If all goes well, we hope to release WordPress 3.4 in May. The more help we get with testing and fixing bugs, the sooner we will be able to release the final version. If you want to be a beta tester, you should check out the Codex article on how to report bugs.

Here’s some of what’s new:

  • Theme Customizer with Previewer
  • Flexible Custom Header Sizes
  • Selecting Custom Header and Background Images from Media Library
  • Better experience searching for and choosing a theme

And some of the under-the-hood changes:

  • New XML-RPC API for external and mobile applications
  • New API for registering theme support for custom headers and backgrounds
  • Performance improvements to WP_Query by splitting the query (Please test!)
  • Internationalization improvements (improved performance and locale support)
  • Performance and API improvements when working with lists of installed themes
  • Support for installing child themes from the WordPress Themes Directory

Remember, if you find something you think is a bug, report it! You can bring it up in the alpha/beta forum, you can email it to the wp-testers list, or if you’ve confirmed that other people are experiencing the same bug, you can report it on the WordPress Core Trac. (We recommend starting in the forum or on the mailing list.)

Theme and plugin authors, if you haven’t been following the 3.4 development cycle, please start now so that you can update your themes and plugins to be compatible with the newest version of WordPress.

Download WordPress 3.4 Beta 1

See Also:

Want to follow the code? There’s a development P2 blog and you can track active development in the Trac timeline that often has 20–30 updates per day.

Want to find an event near you? Check out the WordCamp schedule and find your local Meetup group!

For more WordPress news, check out the WordPress Planet or subscribe to the WP Briefing podcast.

Categories

Subscribe to WordPress News

Join 1,930,686 other subscribers

Archives

%d bloggers like this: