WordPress.org

I’m pleased to announce the availability of WordPress 3.7 Beta 1.

For WordPress 3.7 we decided to shorten the development cycle and focus on a few key improvements. We plan to release the final product in October, and then follow it in December with a jam-packed WordPress 3.8 release, which is already in development. Some of the best stuff in WordPress 3.7 is subtle — by design! So let’s walk through what we’d love for you to test, just in time for the weekend.

Automatic, background updates. 3.7 Beta 1 will keep itself updated. That’s right — you’ll be updated each night to the newest development build, and eventually to Beta 2. We’re working to provide as many installs as possible with fast updates to security releases of WordPress — and you can help us test by just installing Beta 1 on your server and seeing how it works!

When you go to Dashboard → Updates, you’ll see a note letting you know whether your install is working for automatic updates. There are a few situations where WordPress can’t reliably and securely update itself. But if it can, you’ll get an email (sent to the ‘Admin Email’ on the General Settings page) after each update letting you know what worked and what didn’t. If it worked, great! If something failed, the email will suggest you make a post in the support forums or create a bug report.

Here are some other things you should test out:

• If you’re running WordPress in another language, we’ll automatically download any available translations for official WordPress importers and the default themes. (More to come here.)
• Our password meter got a whole lot better, thanks to Dropbox’s zxcvbn library. Again, subtle but effective. Strong passwords are very important!
• Search results are now ordered by relevance, rather than just by date. When your keywords match post titles and not just content, they’ll be pushed to the top.
• Developers should check out the new advanced date queries in WP_Query. (#18694)

This software is still in development, so we don’t recommend you run it on a production site. I’d suggest setting up a test site just to play with the new version. To test WordPress 3.7, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

As always, if you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable writing a reproducible bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed so far.

Happy testing!

WordPress three seven
Saves your weary hand a click
Updates while you sleep

After nearly 7 million downloads of WordPress 3.6, we are pleased to announce the availability of version 3.6.1. This maintenance release fixes 13 bugs in version 3.6, which was a very smooth release.

WordPress 3.6.1 is also a security release for all previous WordPress versions and we strongly encourage you to update your sites immediately. It addresses three issues fixed by the WordPress security team:

• Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem.
• Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij.
• Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention.

Additionally, we’ve adjusted security restrictions around file uploads to mitigate the potential for cross-site scripting.

We appreciated responsible disclosure of these issues directly to our security team. For more information on the changes, see the release notes or consult the list of changes.

Download WordPress 3.6.1 or update now from the Dashboard → Updates menu in your site’s admin area.