WordPress 4.8.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.8.1 and earlier are affected by these security issues:
$wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Slavco- A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team.
- A cross-site scripting (XSS) vulnerability was discovered in the visual editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security.
- A path traversal vulnerability was discovered in the file unzipping code. Reported by Alex Chapman (noxrnet).
- A cross-site scripting (XSS) vulnerability was discovered in the plugin editor. Reported by 陈瑞琦 (Chen Ruiqi).
- An open redirect was discovered on the user and term edit screens. Reported by Yasin Soliman (ysx).
- A path traversal vulnerability was discovered in the customizer. Reported by Weston Ruter of the WordPress Security Team.
- A cross-site scripting (XSS) vulnerability was discovered in template names. Reported by Luka (sikic).
- A cross-site scripting (XSS) vulnerability was discovered in the link modal. Reported by Anas Roubi (qasuar).
Thank you to the reporters of these issues for practicing responsible disclosure.
In addition to the security issues above, WordPress 4.8.2 contains 6 maintenance fixes to the 4.8 release series. For more information, see the release notes or consult the list of changes.
Download WordPress 4.8.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.8.2.
Thanks to everyone who contributed to 4.8.2.
Like this:
Like Loading...
While there haven’t been any major events or big new developments in the WordPress world this past month, a lot of work has gone into developing a sustainable future for the project. Read on to find out more about this and other interesting news from around the WordPress world in August.
The Global WordPress Translation Day Returns
On September 30, the WordPress Polyglots team will be holding the third Global WordPress Translation Day. This is a 24-hour global event dedicated to the translation of the WordPress ecosystem (core, themes, plugins), and is a mix of physical, in-person translation work with online streaming of talks from WordPress translators all over the world.
Meetup groups will be holding events where community members will come together to translate WordPress. To get involved in this worldwide event, join your local meetup group or, if one is not already taking place in your area, organize one for your community.
You can find out more information on the Translation Day blog and in the #polyglots-events channel in the Making WordPress Slack group.
WordPress Foundation to Run Open Source Training Worldwide
The WordPress Foundation is a non-profit organization that exists to provide educational events and resources for hackathons, support of the open web, and promotion of diversity in the global open source community.
In an effort to push these goals forward, the Foundation is going to be offering assistance to communities who would like to run local open source training workshops. A number of organizers have applied to be a part of this initiative, and the Foundation will be selecting two communities in the coming weeks.
Follow the WordPress Foundation blog for updates.
Next Steps in WordPress Core’s PHP Focus
After last month’s push to focus on WordPress core’s PHP development, a number of new initiatives have been proposed and implemented. The first of these initiatives is a page on WordPress.org that will educate users on the benefits of upgrading PHP. The page and its implementation are still in development, so you can follow and contribute on GitHub.
Along with this, plugin developers are now able to specify the minimum required PHP version for their plugins. This version will then be displayed on the Plugin Directory page, but it will not (yet) prevent users from installing it.
The next evolution of this is for the minimum PHP requirement to be enforced so that plugins will only work if that requirement is met. You can assist with this implementation by contributing your input or a patch on the open ticket.
As always, discussions around the implementation of PHP in WordPress core are done in the #core-php channel in the Making WordPress Slack group.
New Editor Development Continues
For a few months now, the core team has been steadily working on Gutenberg, the new editor for WordPress core. While Gutenberg is still in development and is some time away from being ready, a huge amount of progress has already been made. In fact, v1.0.0 of Gutenberg was released this week.
The new editor is available as a plugin for testing and the proposed roadmap is for it to be merged into core in early 2018. You can get involved in the development of Gutenberg by joining the #core-editor channel in the Making WordPress Slack group and following the WordPress Core development blog.
Further reading:
- On the topic of Gutenberg, Matt Mullenweg wrote a post to address some of the concerns that the community has expressed about the new editor.
- A new movement has started in the Indian WordPress community named JaiWP — the organizers are seeking to unite and motivate the country’s many local communities.
- Merlin WP is a new plugin offering theme developers an easy way to onboard their users.
- Ryan McCue posted an ambitious roadmap for the future of the WordPress REST API — many contributions from the community will be needed in order to reach these goals.
- Want to know what you can expect in the next major release of WordPress? Here’s a look at what the core team is planning for v4.9.
- To help combat the difficulties that Trac presents to WordPress Core contributors, Ryan McCue built an alternative platform dubbed Not Trac.
- v1.3.0 of WP-CLI was released earlier in the month, adding a whole lot of great new features to the useful tool.
If you have a story we should consider including in the next “Month in WordPress” post, please submit it here.
Like this:
Like Loading...
After over 13 million downloads of WordPress 4.8, we are pleased to announce the immediate availability of WordPress 4.8.1, a maintenance release.
This release contains 29 maintenance fixes and enhancements, chief among them are fixes to the rich Text widget and the introduction of the Custom HTML widget. For a full list of changes, consult the release notes, the tickets closed, and the list of changes.
Download WordPress 4.8.1 or visit Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.8.1.
Thanks to everyone who contributed to 4.8.1:
Adam Silverstein, Andrea Fercia, Andrew Ozz, Atanas Angelov, bonger, Boone Gorges, Boro Sitnikovski, David Herrera, James Nylen, Jeffrey Paul, Jennifer M. Dodd, K. Adam White, Konstantin Obenland, Mel Choyce, r-a-y, Reuben Gunday, Rinku Y, Said El Bakkali, Sergey Biryukov, Siddharth Thevaril, Timmy Crawford, and Weston Ruter.
Like this:
Like Loading...
After a particularly busy month in June, things settled down a bit in the WordPress world — WordPress 4.8’s release went very smoothly, allowing the Core team to build up some of the community infrastructure around development. Read on for more interesting news from around the WordPress world in July.
Weekly meeting for new core contributors
Onboarding new contributors is a persistent issue for most WordPress contribution teams. While every team welcomes any new contributors, the path to getting deeply involved can be tricky to find at times.
This month, the Core team implemented a fantastic new initiative: weekly meetings for new core contributors as a way to encourage involvement and foster fresh contributions. The meetings not only focus on bugs suited to first-time contributors, they also make space for experienced contributors to help out individuals who may be new to developing WordPress core.
The meetings are held every Wednesday at 19:00 UTC in the #core channel in the Making WordPress Slack group.
Increased focus on PHP practices in WordPress core
In bringing people together to improve WordPress core, a new channel in the Making WordPress Slack group named #core-php is designed to focus on PHP development in the project.
Along with this increased concentration on PHP, a new weekly meeting is now taking place every Monday at 18:00 UTC in #core-php to improve WordPress core’s PHP practices.
Sharp rise in meetup group growth
The dashboard events widget in WordPress 4.8 displays local, upcoming WordPress events for the logged in user. The events listed in this widget are pulled from the meetup chapter program, as well as the WordCamp schedule.
This widget provides greater visibility of official WordPress events, and encourages community involvement in these events. It’s safe to say that the widget has achieved its goals admirably — since WordPress 4.8 was released a little over a month ago, 31 new meetup groups have been formed with 15,647 new members across the whole program. This is compared to 19 new groups and only 7,071 new members in the same time period last year.
You can find a local meetup group to join on meetup.com, and if you would like to get involved in organizing events for your community, you can find out more about the inner workings of the program on the Community Team site or by joining the #community-events channel in the Making WordPress Slack group.
WordPress 4.8.1 due for imminent release
WordPress 4.8 cycle’s first maintenance release will be published in the coming week, more than a month after 4.8 was released. This release fix some important issues in WordPress core and the majority of users will find that their sites will update to this new version automatically.
If you would like to help out by testing this release before it goes live, you can follow the beta testing guide for WordPress core. To get further involved in building WordPress core, jump into the #core channel in the Making WordPress Slack group, and follow the Core team blog.
Further reading:
If you have a story we should consider including in the next “Month in WordPress” post, please submit it here.
Like this:
Like Loading...
We’re starting a new regular feature on this blog today. We’d like to keep everyone up-to-date about the happenings all across the WordPress open source project and highlight how you can get involved, so we’ll be posting a roundup of all the major WordPress news at the end of every month.
Aside from other general news, the three big events in June were the release of WordPress 4.8, WordCamp Europe 2017, and the WordPress Community Summit. Read on to hear more about these as well as other interesting stories from around the WordPress world.
WordPress 4.8
On June 8, a week before the Community Summit and WordCamp Europe, WordPress 4.8 was released.You can read the Field Guide for a comprehensive overview of all the features of this release (the News and Events widget in the dashboard is one of the major highlights).
Most people would either have their version auto-updated, or their hosts would have updated it for them. For the rest, the updates have gone smoothly with no major issues reported so far.
This WordPress release saw contributions from 346 individuals; you can find their names in the announcement post. To get involved in building WordPress core, jump into the #core channel in the Making WordPress Slack group, and follow the Core team blog.
WordCamp Europe 2017
WordCamp Europe 2017 was held in Paris between June 15-17. The event began with a Contributor Day, followed by two days of talks and community goodness. The talks were live-streamed, but you can still catch all the recordings on WordPress.tv. The organisers also published a handy wrap-up of the event.
WordCamp Europe exists to bring together the WordPress community from all over the continent, as well as to inspire local communities everywhere to get their own events going — to that end, the event was a great success, as a host of new meetup groups have popped up in the weeks following WordCamp Europe.
The work that Contributor Day participants accomplished was both varied and valuable, covering all aspects of the WordPress project — have a look through the Make blogs for updates from each team.
Finally, we also learned during the event that WordCamp Europe 2018 will be held in Belgrade, Serbia, continuing the tradition of exploring locations and communities across the continent.
WordPress Community Summit
The fourth WordPress Community Summit took place during the two days leading up to WordCamp Europe 2017. This event is an invite-only unconference where people from all over the WordPress community come together to discuss some of the more difficult issues in the community, as well as to make plans for the year ahead in each of the contribution teams.
As the Summit is designed to be a safe space for all attendees, the notes from each discussion are in the process of being anonymized before we publish them on the Summit blog (so stay tuned – they’ll show up there over the next few weeks).
You can already see the final list of topics that were proposed for the event here (although a few more were added during the course of the two day Summit).
WordPress marketing push continues apace
As part of the push to be more intentional in marketing WordPress (as per Matt Mullenweg’s 2016 State of the Word), the Marketing team has launched two significant drives to obtain more information about who uses WordPress and how that information can shape their outreach and messaging efforts.
The team is looking for WordPress case studies and is asking users, agencies, and freelancers to take a WordPress usage survey. This will go a long way towards establishing a marketing base for WordPress as a platform and as a community — and many people in the community are looking forward to seeing this area develop further.
To get involved in the WordPress Marketing team, you can visit their team blog.
New Gutenberg editor available for testing
For some time now, the Core team has been hard at work on a brand-new text editor for WordPress — this project has been dubbed “Gutenberg.” The project’s ultimate goal is to replace the existing TinyMCE editor, but for now it is in beta and available for public testing — you can download it here as a plugin and install it on any WordPress site.
This feature is still in beta, so we don’t recommend using it on a production site. If you test it out, though, you’ll find that it is a wholly different experience to what you are used to in WordPress. It’s a more streamlined, altogether cleaner approach to the text-editing experience than we’ve had before, and something that many people are understandably excited about. Matt Mullenweg discussed the purpose of Gutenberg in more detail during his Q&A at WordCamp Europe.
There are already a few reviews out from Brian Jackson at Kinsta, Aaron Jorbin, and Matt Cromwell (among many others). Keep in mind that the project is in constant evolution at this stage; when it eventually lands in WordPress core (probably in v5.0), it could look very different from its current iteration — that’s what makes this beta stage and user testing so important.
To get involved with shaping the future of Gutenberg, please test it out, and join the #core-editor channel in the Making WordPress Slack group. You can also visit the project’s GitHub repository to report issues and contribute to the codebase.
Further reading:
- Bridget Willard has proposed an editorial calendar to assist WordCamp organizers with publishing content for their event.
- A new kind of niche WordCamp, WordCamp for Publishers in Denver, has opened ticket sales.
- The WordPress iOS app was updated with a fresh, new media library this month.
- It looks like Underscores, the popular WordPress starter theme, has a bright future ahead of it, with a renewed vision and new committer.
- The always-inspiring Tom McFarlin has released a simple autoloader for WordPress that looks very useful indeed.
- After a bit of a discussion on Twitter regarding the differences between WordPress.org, WordPress.com, and Jetpack, Helen Hou-Sandí came up with a great analogy and an interesting post about it all.
- If you’re interested in contributing specifically to the JavaScript or PHP areas of the WordPress core codebase, then the new #core-js and #core-php channels in the Making WordPress Slack group are perfect for you.
If you have a story we should consider including in the next “Month in WordPress” post, please submit it here.
Like this:
Like Loading...
An Update with You in Mind
Gear up for a more intuitive WordPress!
Version 4.8 of WordPress, named “Evans” in honor of jazz pianist and composer William John “Bill” Evans, is available for download or update in your WordPress dashboard. New features in 4.8 add more ways for you to express yourself and represent your brand.
Though some updates seem minor, they’ve been built by hundreds of contributors with you in mind. Get ready for new features you’ll welcome like an old friend: link improvements, three new media widgets covering images, audio, and video, an updated text widget that supports visual editing, and an upgraded news section in your dashboard which brings in nearby and upcoming WordPress events.
Exciting Widget Updates
Image Widget
Adding an image to a widget is now a simple task that is achievable for any WordPress user without needing to know code. Simply insert your image right within the widget settings. Try adding something like a headshot or a photo of your latest weekend adventure — and see it appear automatically.
Video Widget
A welcome video is a great way to humanize the branding of your website. You can now add any video from the Media Library to a sidebar on your site with the new Video widget. Use this to showcase a welcome video to introduce visitors to your site or promote your latest and greatest content.
Audio Widget
Are you a podcaster, musician, or avid blogger? Adding a widget with your audio file has never been easier. Upload your audio file to the Media Library, go to the widget settings, select your file, and you’re ready for listeners. This would be a easy way to add a more personal welcome message, too!
Rich Text Widget
This feature deserves a parade down the center of town! Rich-text editing capabilities are now native for Text widgets. Add a widget anywhere and format away. Create lists, add emphasis, and quickly and easily insert links. Have fun with your newfound formatting powers, and watch what you can accomplish in a short amount of time.
Link Boundaries
Have you ever tried updating a link, or the text around a link, and found you can’t seem to edit it correctly? When you edit the text after the link, your new text also ends up linked. Or you edit the text in the link, but your text ends up outside of it. This can be frustrating! With link boundaries, a great new feature, the process is streamlined and your links will work well. You’ll be happier. We promise.
Nearby WordPress Events
Did you know that WordPress has a thriving offline community with groups meeting regularly in more than 400 cities around the world? WordPress now draws your attention to the events that help you continue improving your WordPress skills, meet friends, and, of course, publish!
This is quickly becoming one of our favorite features. While you are in the dashboard (because you’re running updates and writing posts, right?) all upcoming WordCamps and official WordPress Meetups — local to you — will be displayed.
Being part of the community can help you improve your WordPress skills and network with people you wouldn’t otherwise meet. Now you can easily find your local events just by logging in to your dashboard and looking at the new Events and News dashboard widget.
Even More Developer Happiness 😊
New CSS rules mean extraneous content (like “Add New” links) no longer need to be included in admin-area headings. These panel headings improve the experience for people using assistive technologies.
As fewer and fewer browsers support Silverlight, file formats which require the presence of the Silverlight plugin are being removed from core support. Files will still display as a download link, but will no longer be embedded automatically.
New capabilities have been introduced to 4.8 with an eye towards removing calls to
is_super_admin(). Additionally, new hooks and tweaks to more granularly control site and user counts per network have been added.
With the addition of TinyMCE to the text widget in 4.8 comes a new JavaScript API for instantiating the editor after page load. This can be used to add an editor instance to any text area, and customize it with buttons and functions. Great for plugin authors!
The introduction of a new base media widget REST API schema to 4.8 opens up possibilities for even more media widgets (like galleries or playlists) in the future. The three new media widgets are powered by a shared base class that covers most of the interactions with the media modal. That class also makes it easier to create new media widgets and paves the way for more to come.
Rejoice! New responsive breakpoints have been added to the customizer sidebar to make it wider on high-resolution screens. Customizer controls should use percentage-based widths instead of pixels.
The Squad
This release was led by Matt and Jeff Paul, with the help of the following fabulous folks. There are 346 contributors with props in this release, with 106 of them contributing for the first time. Pull up some Bill Evans on your music service of choice, and check out some of their profiles:
Aaron D. Campbell,
Aaron Jorbin,
abrightclearweb,
Achal Jain,
achbed,
Acme Themes,
Adam Silverstein,
adammacias,
Ahmad Awais,
ahmadawais,
airesvsg,
ajoah,
Aki Björklund,
akshayvinchurkar,
Alain Schlesser,
Alex Concha,
Alex Dimitrov,
Alex Hon,
alex27,
allancole,
Amanda Rush,
Andrea Fercia,
Andreas Panag,
Andrew Nacin,
Andrew Ozz,
Andrey "Rarst" Savchenko,
Andy Meerwaldt,
Andy Mercer,
Andy Skelton,
Aniket Pant,
Anil Basnet,
Ankit K Gupta,
Anthony Hortin,
antisilent,
Anton Timmermans,
apokalyptik,
artoliukkonen,
Arunas Liuiza,
attitude,
backermann,
Bappi,
Ben Cole,
Bernhard Gronau,
Bernhard Kau,
binarymoon,
Birgir Erlendsson (birgire),
BjornW,
bobbingwide,
boblinthorst,
boboudreau,
bonger,
Boone B. Gorges,
Brainstorm Force,
Brandon Kraft,
Brian Hogg,
Brian Krogsgard,
Bronson Quick,
Caroline Moore,
Casey Driscoll,
Caspie,
Chandra Patel,
Chaos Engine,
cheeserolls,
chesio,
chetansatasiya,
choong,
Chouby,
chredd,
Chris Jean,
Chris Marslender,
Chris Smith,
Chris Van Patten,
Chris Wiegman,
chriscct7,
chriseverson,
Christian Chung,
Christian Nolen,
Christian Wach,
Christoph Herr,
Clarion Technologies,
Claudio Sanches,
Claudio Sanches,
ClaudioLaBarbera,
codemovement.pk,
coderkevin,
codfish,
coreymcollins,
Curdin Krummenacher,
Curtiss Grymala,
Cătălin Dogaru,
danhgilmore,
Daniel Kanchev,
Daniel Pietrasik,
Daniele Scasciafratte,
Daryl L. L. Houston (dllh),
Dave Pullig,
Dave Romsey (goto10),
David A. Kennedy,
David Chandra Purnama,
David Herrera,
David Lingren,
David Mosterd,
David Shanske,
davidbhayes,
Davide 'Folletto' Casali,
deeptiboddapati,
delphinus,
deltafactory,
Denis de Bernardy,
Derek Herman,
Derrick Hammer,
Derrick Koo,
dimchik,
Dinesh Chouhan,
Dion Hulse,
dipeshkakadiya,
dmsnell,
Dominik Schilling,
Dotan Cohen,
Doug Wollison,
doughamlin,
DreamOn11,
Drew Jaynes,
duncanjbrown,
dungengronovius,
DylanAuty,
Eddie Hurtig,
Eduardo Reveles,
Edwin Cromley,
ElectricFeet,
Elio Rivero,
Ella Iseulde Van Dorpe,
elyobo,
enodekciw,
enshrined,
Eric Andrew Lewis,
Eric Lanehart,
Evan Herman,
Felix Arntz,
Fencer04,
Florian Brinkmann,
Florian TIAR,
FolioVision,
fomenkoandrey,
Francesco Taurino,
Frank Klein,
Frankie Jarrett,
Fred,
Fredrik Forsmo,
fuscata,
Gabriel Maldonado,
Garth Mortensen,
Gary Jones,
Gary Pendergast,
Geeky Software,
George Stephanis,
Goran Šerić,
Graham Armfield,
Grant Derepas,
Gregory Karpinsky (@tivnet),
Hardeep Asrani,
Helen Hou-Sandí,
Henry Wright,
hiddenpearls,
Hinaloe,
Hristo Pandjarov,
Hugo Baeta,
Iain Poulson,
Ian Dunn,
Ian Edington,
idealien,
Ignacio Cruz Moreno,
imath,
implenton,
Ionut Stanciu,
Ipstenu (Mika Epstein),
ivdimova,
J.D. Grimes,
Jacob Peattie,
Jake Spurlock,
James Nylen,
jamesacero,
Japh,
Jared Cobb,
jayarjo,
jdolan,
jdoubleu,
Jeff Bowen,
Jeff Paul,
Jeffrey de Wit,
Jeremy Felt,
Jeremy Pry,
jimt,
Jip Moors,
jmusal,
Joe Dolson,
Joe Hoyle,
Joe McGill,
Joel James,
Joen Asmussen,
johanmynhardt,
John Blackbourn,
John Dittmar,
John James Jacoby,
John P. Bloch,
johnpgreen,
Jon (Kenshino),
Jonathan Bardo,
Jonathan Brinley,
Jonathan Daggerhart,
Jonathan Desrosiers,
Jonny Harris,
jonnyauk,
jordesign,
JorritSchippers,
Joseph Fusco,
Josh Eaton,
Josh Pollock,
joshcummingsdesign,
joshkadis,
Joy,
jrf,
JRGould,
Juanfra Aldasoro,
Juhi Saxena,
Junko Nukaga,
Justin Busa,
Justin Sainton,
Justin Shreve,
Justin Sternberg,
K.Adam White,
kacperszurek,
Kailey (trepmal),
KalenJohnson,
Kat Hagan,
Keanan Koppenhaver,
keesiemeijer,
kellbot,
Kelly Dwan,
Kevin Hagerty,
Kirk Wight,
kitchin,
Kite,
kjbenk,
Knut Sparhell,
koenschipper,
kokarn,
Konstantin Kovshenin,
Konstantin Obenland,
Konstantinos Kouratoras,
kuchenundkakao,
kuldipem,
Lee Willis,
Leo Baiano,
LittleBigThings (Csaba),
Lucas Stark,
Luke Cavanagh,
Luke Gedeon,
Luke Pettway,
lyubomir_popov,
Mário Valney,
mageshp,
Mahesh Waghmare,
Mangesh Parte,
Manish Songirkar,
mantismamita,
Marcel Bootsman,
Marin Atanasov,
Marius L. J.,
Mariyan Belchev,
Mark Jaquith,
Mark Root-Wiley,
Mark Uraine,
Marko Heijnen,
markshep,
Matias Ventura,
matrixik,
Matt Banks,
Matt King,
Matt PeepSo,
Matt van Andel,
Matt Wiebe,
Matthew Haines-Young,
mattyrob,
Max Cutler,
Maxime Culea,
Mayo Moriyama,
mckernanin,
Mel Choyce,
mhowell,
Michael Arestad,
Michael Arestad,
michalzuber,
Miina Sikk,
Mike Auteri,
Mike Crantea,
Mike Glendinning,
Mike Hansen,
Mike Little,
Mike Schroder,
Mike Viele,
Milan Dinić,
modemlooper,
Mohammad Jangda,
Mohan Dere,
monikarao,
morettigeorgiev,
Morgan Estes,
Morten Rand-Hendriksen,
moto hachi ( mt8.biz ),
mrbobbybryant,
Naim Naimov,
Nate Reist,
NateWr,
nathanrice,
Nazgul,
Ned Zimmerman,
net,
Nicolas GUILLAUME,
Nikhil Chavan,
Nikhil Vimal,
Nikolay Bachiyski,
Nilambar Sharma,
noplanman,
nullvariable,
odie2,
odyssey,
Okamoto Hidetaka,
orvils,
oskosk,
Otto Kekäläinen,
ovann86,
Pantip Treerattanapitak (Nok),
Pascal Birchler,
patilvikasj,
Paul Bearne,
Paul Wilde,
pdufour,
Perdaan,
Peter Wilson,
phh,
php,
Piotr Delawski,
pippinsplugins,
pjgalbraith,
pkevan,
Pratik,
Pressionate,
Presskopp,
procodewp,
Rachel Baker,
Rahul Prajapati,
Ramanan,
ramiabraham,
ranh,
Red Sand Media Group,
Riad Benguella,
Rian Rietveld,
Richard Tape,
Robert D Payne,
Robert Jolly,
Robert Noakes,
Rocco Aliberti,
Rodrigo Primo,
Rommel Castro,
Ronald Araújo,
Ross Wintle,
Roy Sivan,
Ryan Kienstra,
Ryan McCue,
Ryan Plas,
Ryan Welcher,
Sal Ferrarello,
Sami Keijonen,
Samir Shah,
Samuel Sidler,
Sandesh,
Sang-Min Yoon,
Sanket Parmar,
Sarah Gooding,
Sayed Taqui,
schrapel,
Scott Reilly,
Scott Taylor,
scrappy@hub.org,
scribu,
seancjones,
Sebastian Pisula,
Sergey Biryukov,
Sergio De Falco,
sfpt,
shayanys,
shazahm1,
shprink,
simonlampen,
skippy,
smerriman,
snacking,
solal,
Soren Wrede,
Stanimir Stoyanov,
Stanko Metodiev,
Steph,
Steph Wells,
Stephanie Leary,
Stephen Edgar,
Stephen Harris,
Steven Word,
stevenlinx,
Sudar Muthu,
Swapnil V. Patil,
swapnild,
szaqal21,
Takahashi Fumiki,
Takayuki Miyauchi,
Tammie Lister,
tapsboy,
Taylor Lovett,
team,
tg29359,
tharsheblows,
the,
themeshaper,
thenbrent,
thomaswm,
Thorsten Frommen,
tierra,
Tim Nash,
Timmy Crawford,
Timothy Jacobs,
timph,
Tkama,
tnegri,
Tom Auger,
Tom J Nowell,
tomdxw,
Toro_Unit (Hiroshi Urabe),
Torsten Landsiedel,
transl8or,
traversal,
Travis Smith,
Triet Minh,
Trisha Salas,
tristangemus,
truongwp,
tsl143,
Ty Carlson,
Ulrich,
Utkarsh,
Valeriu Tihai,
Viljami Kuosmanen,
Vishal Kakadiya,
vortfu,
Vrunda Kansara,
webbgaraget,
WebMan Design | Oliver Juhas,
websupporter,
Weston Ruter,
William Earnhardt,
williampatton,
Wolly aka Paolo Valenti,
WraithKenny,
yale01,
Yoav Farhi,
Yoga Sukma,
Zach Wills,
Zack Tollman,
Ze Fontainhas,
zhildzik, and
zsusag.
Finally, thanks to all the community translators who worked on WordPress 4.8. Their efforts bring WordPress 4.8 fully translated to 38 languages at release time with more on the way.
Do you want to report on WordPress 4.8? We’ve compiled a press kit featuring information about the release features, and some media assets to help you along.
If you want to follow along or help out, check out Make WordPress and our core development blog. Thanks for choosing WordPress — we hope you enjoy!
Like this:
Like Loading...
The second release candidate for WordPress 4.8 is now available.
To test WordPress 4.8, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip).
We’ve made a handful of changes since releasing RC 1 last week. For more details about what’s new in version 4.8, check out the Beta 1, Beta 2, and RC1 blog posts.
Think you’ve found a bug? Please post to the Alpha/Beta support forum. If any known issues come up, you’ll be able to find them here.
Happy testing!
Like this:
Like Loading...
The release candidate for WordPress 4.8 is now available.
RC means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.8 on Thursday, June 8, but we need your help to get there. If you haven’t tested 4.8 yet, now is the time!
To test WordPress 4.8, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip).
We’ve made a handful of changes since releasing Beta 2 earlier this week. For more details about what’s new in version 4.8, check out the Beta 1 and Beta 2 blog posts.
Think you’ve found a bug? Please post to the Alpha/Beta support forum. If any known issues come up, you’ll be able to find them here.
Developers, please test your plugins and themes against WordPress 4.8 and update your plugin’s Tested up to version in the readme to 4.8. If you find compatibility problems please be sure to post to the support forums so we can figure those out before the final release – we work hard to avoid breaking things. An in-depth field guide to developer-focused changes is coming soon on the core development blog.
Do you speak a language other than English? Help us translate WordPress into more than 100 languages!
This release’s haiku is courtesy of @matveb:
Érrese uno
Cien veces y más
Erre ce dos
Thanks for your continued help testing out the latest versions of WordPress.
Like this:
Like Loading...
WordPress 4.8 Beta 2 is now available!
This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.8, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).
For more information on what’s new in 4.8, check out the Beta 1 blog post. Since then, we’ve made over 50 changes in Beta 2.
Do you speak a language other than English? Help us translate WordPress into more than 100 languages!
If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.
WordPress four point eight
One step closer to release
Please test Beta 2!
Like this:
Like Loading...
WordPress 4.7.5 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.7.4 and earlier are affected by six security issues:
- Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing.
- Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas.
- Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team.
- A Cross Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster.
- A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing.
- A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team.
Thank you to the reporters of these issues for practicing responsible disclosure.
In addition to the security issues above, WordPress 4.7.5 contains 3 maintenance fixes to the 4.7 release series. For more information, see the release notes or consult the list of changes.
Download WordPress 4.7.5 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.5.
Thanks to everyone who contributed to 4.7.5.
Like this:
Like Loading...
Older Posts »
