WordPress.org

WordPress 4.9.2 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.

MediaElement has released a new version that contains a fix for the bug, and a WordPress plugin containing the fixed files is available in the plugin repository.

Thank you to the reporters of this issue for practicing responsible security disclosure: Enguerran Gillier and Widiz.

21 other bugs were fixed in WordPress 4.9.2. Particularly of note were:

• JavaScript errors that prevented saving posts in Firefox have been fixed.
• The previous taxonomy-agnostic behavior of get_category_link() and category_description() was restored.
• Switching themes will now attempt to restore previous widget assignments, even when there are no sidebars to map.
  

The Codex has more information about all of the issues fixed in 4.9.2, if you'd like to learn more.

Download WordPress 4.9.2 or venture over to Dashboard → Updates and click "Update Now." Sites that support automatic background updates are already beginning to update automatically.

Thank you to everyone who contributed to WordPress 4.9.2:

0x6f0, Aaron Jorbin, Andrea Fercia, Andrew Duthie, Andrew Ozz, Blobfolio, Boone Gorges, Caleb Burks, Carolina Nymark, chasewg, Chetan Prajapati, Dion Hulse, Hardik Amipara, ionvv, Jason Caldwell, Jeffrey Paul, Jeremy Felt, Joe McGill, johnschulz, Juhi Patel, Konstantin Obenland, Mark Jaquith, Nilambar Sharma, Peter Wilson, Rachel Baker, Rinku Y, Sergey Biryukov, and Weston Ruter.

Activity slowed down in December in the WordPress community, particularly in the last two weeks. However, the month started off with a big event and work pushed forward in a number of key areas of the project. Read on to find out more about what transpired in the WordPress community as 2017 came to a close.

---

WordCamp US 2017 Brings the Community Together

The latest edition of WordCamp US took place last month in Nashville on December 1-3. The event brought together over 1,400 WordPress enthusiasts from around the world, fostering a deeper, more engaged global community.

While attending a WordCamp is always a unique experience, you can catch up on the sessions on WordPress.tv and look through the event photos on Facebook to get a feel for how it all happened. Of course, Matt Mullenweg’s State of the Word talk is always one of the highlights at this event.

The next WordCamp US will be held in Nashville again in 2018, but if you would like to see it hosted in your city in 2019 and 2020, then you have until February 2 to apply.

WordPress User Survey Data Is Published

Over the last few years, tens of thousands of WordPress users all over the world have filled out the annual WordPress user survey. The results of that survey are used to improve the WordPress project, but that data has mostly remained private. This has changed now and the results from the last three surveys are now publicly available for everyone to analyze.

The data will be useful to anyone involved in WordPress since it provides a detailed look at who uses WordPress and what they do with it — information that can help inform product development decisions across the board.

New WordPress.org Team for the Tide Project

As announced at WordCamp US, the Tide project is being brought under the WordPress.org umbrella to be managed and developed by the community.

Tide is a series of automated tests run against every plugin and theme in the directory to help WordPress users make informed decisions about the plugins and themes that they choose to install.

To get involved in developing Tide, jump into the #tide channel in the Making WordPress Slack group, and follow the Tide team blog.

---

Further Reading:

• If you’re following the development of Gutenberg, or if you want a primer on where it’s headed, then Morten Rand-Hendriksen’s talk from WordCamp US is a must watch.
• The annual surveys for WordPress meetup members and meetup organizers are available for people to fill out — if you’re involved in or attend your local meetup group then be sure to complete those.
• 10up has a brand new plugin in beta that will assist with powerful and flexible content publishing and syndication across WordPress sites.
• The Community Team is exploring a move to make the recently developed CampSite theme the default theme for all new WordCamp websites. This is the theme that was developed and employed for WordCamp Europe 2017.
• The team working on the multisite features of WordPress Core has recently published their planned roadmap for development.

If you have a story we should consider including in the next “Month in WordPress” post, please submit it here.