WordPress 4.8.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Anthony Ferrara.
This release includes a change in behaviour for the esc_sql() function. Most developers will not be affected by this change; you can read more details in the developer note.
Download WordPress 4.8.3 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.8.3.
The release candidate for WordPress 4.9 is now available.
RC means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.9 on Tuesday, November 14, but we need your help to get there. If you haven’t tested 4.9 yet, now is the time!
We’ve made almost 30 changes since releasing Beta 4 last week. For more details about what’s new in version 4.9, check out the Beta 1, Beta 2, Beta 3, and Beta 4 blog posts.
Developers, please test your plugins and themes against WordPress 4.9 and update your plugin’s Tested up to version in the readme to 4.9. If you find compatibility problems, please be sure to post to the support forums so we can figure those out before the final release — we work hard to avoid breaking things. An in-depth field guide to developer-focused changes is coming soon on the core development blog. In the meantime, you can review the developer notes for 4.9.
If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.
It’s time for the annual WordPress user and developer survey! If you’re a WordPress user, developer, or business owner, then we want your feedback. Just like previous years, we’ll share the data at the upcoming WordCamp US (WCUS).
It only takes a few minutes to fill out the survey, which will provide an overview of how people use WordPress.
The State of the Word includes stats and an overview of what's new in WordPress and is given every year at WCUS. Don't forget that tickets are available now so you can join the excitement in Nashville this year!
This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.9, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).
For more information on what’s new in 4.9, check out the Beta 1 blog post. Since the Beta 1 release, we’ve made 70 changes in Beta 2, and 92 changes in Beta 3. In Beta 4, we’ve made 80 changes, focusing on bug fixes and finalizing new features.
Beta 4 at last,
RC 1 draws ever near.
Let’s make it bug-free. 🐛🚫
For more information on what’s new in 4.9, check out the Beta 1 blog post. Since the Beta 1 release, we’ve made 70 changes in Beta 2 and 92 changes in Beta 3. A few of these newest changes to take note of in particular:
The plugin/theme editors now show files in a scrollable expandable tree list. See #24048.
Backwards compatibility has been improved for MediaElement.js, which is upgraded from 2.2 to 4.2. See #42189.
When you create post stubs in the Customizer (such as for nav menu items, for the homepage or the posts page), if you then schedule your customized changes or save them as a draft, then these Customizer-created posts will appear in the admin as “Customization Drafts”; these drafts can be edited before your customized changes are published, at which time these posts (or pages) will also be automatically published. See #42220.
Theme browsing and installation experience in the Customizer has seen some bugfixes (e.g. #42215 and #42212), with some known remaining issues outstanding in Safari.
There is now a callout on the dashboard to install and activate Gutenberg. See #41316.
Menus in the Customizer have seen additional usability improvements. See #36279 and #42114.
Many refinements
Exist within this release;
Can you find them all?
For more information on what’s new in 4.9, check out the Beta 1 blog post. Since then, we’ve made 70 changes in Beta 2.
Let’s test all of these: code editing, theme switches, widgets, scheduling.
WordPress 4.9 is slated for release on November 14, but we need your help to get there. We’ve been working on making it even easier to customize your site. Here are some of the bigger items to test and help us find as many bugs as possible in the coming weeks:
Drafting (#39896) and scheduling (#28721) of changes in the Customizer. Once you save or schedule a changeset, when any user comes into the Customizer the pending changes will be autoloaded. A button is provided to discard changes to restore the Customizer to the last published state. (This is a new “linear” mode for changesets, as opposed to “branching” mode, which can be enabled by filter so that every time a user opens the Customizer a new blank changeset will be started.)
Addition of a frontend preview link to the Customizer to allow changes to be browsed on the frontend, even without a user being logged in (#39896).
Addition of autosave revisions in the Customizer (#39275).
A brand new theme browsing experience in the Customizer (#37661).
Gallery widget (#41914), following the media and image widgets introduced in 4.8.
Support for adding media to Text widgets (#40854).
Support for adding oEmbeds outside post content, including Text widgets (#34115).
Support for videos from providers other than YouTube and Vimeo in the Video widget (#42039).
Improve the flow for creating new menus in the Customizer (#40104).
Educated guess mapping of nav menus and widgets when switching themes (#39692).
Plugins: Introduce singular capabilities for activating and deactivating individual plugins (#38652).
Sandbox PHP file edits in both plugins and themes, without auto-deactivation when an error occurs; a PHP edit that introduces a fatal error is rolled back, with an opportunity then for the user to fix the error and attempt to re-save (#21622).
Addition of dirty state for widgets on the admin screen, indicating when a widget has been successfully saved and showing an “Are you sure?” dialog when attempting to leave without saving changes (#23120, #41610).
As always, there have been exciting changes for developers to explore as well, such as:
CodeMirror editor added to theme/plugin editor, Custom CSS in Customizer, and Custom HTML widgets. Integration includes support for linters to catch errors before you attempt to save. Includes new APIs for plugins to instantiate editors. (#12423)
Introduction of an extensible code editor control for adding instances of CodeMirror to the Customizer. (#41897)
Addition of global notifications area (#35210), panel and section notifications (#38794), and a notification overlay that takes over the entire screen in the Customizer (#37727).
Media: Upgrade MediaElement.js to 4.2.5-74e01a40 (#39686).
Media: Use max-width for default captions (#33981). We will want to make sure this doesn’t cause unexpected visual regressions in existing themes; default themes were all fine in testing.
Media: Reduce duplicated custom header crops in the Customizer (#21819).
Media: Store video creation date in meta (#35218). Please help test different kinds of videos.
Happy testing!
Without your testing,
we might hurt the internet.
Please help us find bugs.🐛
This has been an interesting month for WordPress, as a bold move on the JavaScript front brought the WordPress project to the forefront of many discussions across the development world. There have also been some intriguing changes in the WordCamp program, so read on to learn more about the WordPress community during the month of September.
JavaScript Frameworks in WordPress
Early in the month, Matt Mullenweg announced that WordPress will be switching away from React as the JavaScript library WordPress Core might use — this was in response to Facebook’s decision to keep a controversial patent clause in the library’s license, making many WordPress users uncomfortable.
A few days later, Facebook reverted the decision, making React a viable option for WordPress once more. Still, the WordPress Core team is exploring a move to make WordPress framework-agnostic, so that the framework being used could be replaced by any other framework without affecting the rest of the project.
This is a bold move that will ultimately make WordPress core a lot more flexible, and will also protect it from potential license changes in the future.
Community Initiative to Make WordCamps More Accessible
A WordPress community member, Ines van Essen, started a new nonprofit initiative to offer financial assistance to community members to attend WordCamps. DonateWC launched with a crowdsourced funding campaign to cover the costs of getting things up and running.
Now that she’s raised the initial funds, Ines plans to set up a nonprofit organization and use donations from sponsors to help people all over the world attend and speak at WordCamps.
The program’s first phase aims to find community members who will volunteer to mentor, assist, and work alongside local leaders in the incubator communities — this is a time-intensive volunteer role that would need to be filled by experienced WordCamp organizers.
On September 19, WordPress 4.8.2 was released to the world — this was a security release that fixed nine issues in WordPress Core, making the platform more stable and secure for everyone.