WordPress.org

WordPress 3.5.1 Maintenance and Security Release

Posted January 24, 2013 by Andrew Nacin. Filed under Releases, Security.

WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. For a full list of changes, consult the list of tickets and the changelog, which include:

  • Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
  • Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
  • Networks: Suggest proper rewrite rules when creating a new network.
  • Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
  • Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail.
  • Suppress some warnings that could occur when a plugin misused the database or user APIs.

Additionally, a bug affecting Windows servers running IIS can prevent updating from 3.5 to 3.5.1. If you receive the error “Destination directory for file streaming does not exist or is not writable,” you will need to follow the steps outlined on the Codex.

WordPress 3.5.1 also addresses the following security issues:

  • A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
  • Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
  • A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.

Download 3.5.1 or visit Dashboard → Updates in your site admin to update now.

2012: A Look Back

Posted January 1, 2013 by Jen. Filed under Community.

Another year is coming to a close, and it’s time to look back and reflect on what we’ve accomplished in the past twelve months. The WordPress community is stronger than ever, and some of the accomplishments of the past year are definitely worth remembering.

Software Releases

We had two major releases of the WordPress web application with versions 3.4 and 3.5, as well as 5 security releases during 2012. 3.4 included the theme customizer, while 3.5 became the long-awaited “media release” featuring a new uploader and gallery management tool. 3.5 contained code contributions from more people than ever, and we hope to continue growing the contributor ranks in the year ahead. We currently have native apps on 6 mobile platforms — iOS, Android, Blackberry, Windows Phone, Nokia, and WebOS — and saw several updates there as well.

Plugin Directory

A number of improvements were made to the Plugin Directory in 2012. More cosmetic updates, like the introduction of branded plugin page headers, make it a nicer browsing experience, while functional changes like better-integrated support forums, plugin reviews, and a favorites system made the plugin directory even more useful as a resource.

The “Make” Network and Team Reps

2012 was the year that saw the creation of Make.wordpress.org, a network of sites for the teams of contributors responsible for the different areas of the WordPress project. Now anyone can follow along and get involved with the teams that work on core, theme review, forum support, documentation, and more. In 2013 we’ll work to improve these sites to make it easier to become a contributor. Each team also now has elected Team Reps, a new role that has already led to more cross-team communication. Team reps post each week to the Updates blog so that the other reps can keep up with what’s going on in other teams.

WordPress Community Summit

At the end of October, about 100 of the most influential and respected members of the WordPress community attended an inaugural summit to discuss where we all stand, and to figure out where we go next with WordPress. A “conference of conversations,” this unconference made everyone an active participant, and while not every issue brought to the table was solved by the end of the event, the right questions were being asked.

Meetup.com

The WordPress Foundation now has a central account with Meetup.com. We’ve brought in a couple dozen existing meetup groups as a pilot to test the system, and are in the process of working with more existing meetups (as well as new ones) to join us so that local organizers won’t have to pay organizer dues and can get more support from the WordPress project.

Internet Blackout Day

We participated in the protest against SOPA/PIPA, Internet Blackout Day, on January 18. Though we usually stay out of politics, this campaign was important, and we not only participated in the blackout on WordPress.org, we encouraged our users to do so as well, and recommended plugins to provide blackout functionality. It was deemed the largest online protest in history.

WordCamps

And finally, it wouldn’t be a recap without counting up the WordCamps! There were 67 WordCamps around the world in 2012, bringing together WordPress users, developers, and fans. If you didn’t make it to a WordCamp this year, maybe it can be one of your new year resolutions: check the schedule to find one near you!

