WordPress.org

WordPress 4.4.2 Security and Maintenance Release

Posted February 2, 2016 by Samuel Sidler. Filed under Releases, Security.

WordPress 4.4.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.4.1 and earlier are affected by two security issues: a possible SSRF for certain local URIs, reported by Ronni Skansing; and an open redirection attack, reported by Shailesh Suthar.

Thank you to both reporters for practicing responsible disclosure.

In addition to the security issues above, WordPress 4.4.2 fixes 17 bugs from 4.4 and 4.4.1. For more information, see the release notes or consult the list of changes.

Download WordPress 4.4.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.4.2.

Thanks to everyone who contributed to 4.4.2:

Andrea Fercia, berengerzyla, Boone Gorges, Chandra Patel, Chris Christoff, Dion Hulse, Dominik Schilling, firebird75, Ivan Kristianto, Jennifer M. Dodd, salvoaranzulla

Contributor Weekend: Support Forums

Posted January 22, 2016 by Jen. Filed under Community, Events.

Our first global contributor drive is coming up next weekend, January 30-31, 2016, and we want you to be involved!

Many of our current contributors first got involved at a Contributor Day at a WordCamp or WordPress Meetup event near them, but not everyone has had that opportunity, so we’re trying to create an online experience that will give new contributors the same kind of live support and group dynamic. We’ll be doing these as weekend challenges rather than one-day events so that WordPress users all over the world can participate without worrying about pesky time zones, but each challenge will be designed to be completed within a few hours, comparable to an in-person Contributor Day.

Our inaugural Contributor Weekend is focused on the Support Team — the folks who volunteer their time to help people with WordPress questions in the support forums and IRC. Over the two day span, forum moderators will be available online to help new contributors and answer questions as needed. The challenge this month is called 20 Questions; your mission (should you choose to accept it) is to help WordPress users by answering 20 forum support requests over the course of the weekend.

You can participate on your own, or you can get together with other people from your local meetup group and work on it together. Working together in person is really fun, so we highly recommend trying to get some folks together if you’re able, but if that’s not possible you can still connect to other participants online. Either way, this is a great way to give back to the WordPress project and have some fun helping people at the same time.

Interested? Get the details on how to participate.

Hope to see you next weekend!

WordPress 4.4.1 Security and Maintenance Release

Posted January 6, 2016 by Aaron Jorbin. Filed under Releases, Security.

WordPress 4.4.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.4 and earlier are affected by a cross-site scripting vulnerability that could allow a site to be compromised. This was reported by Crtc4L.

There were also several non-security bug fixes:

  • Emoji support has been updated to include all of the latest emoji characters, including the new diverse emoji! 👍🏿👌🏽👏🏼
  • Some sites with older versions of OpenSSL installed were unable to communicate with other services provided through some plugins.
  • If a post URL was ever re-used, the site could redirect to the wrong post.

WordPress 4.4.1 fixes 52 bugs from 4.4. For more information, see the release notes or consult the list of changes.

Download WordPress 4.4.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.4.1.

Thanks to everyone who contributed to 4.4.1:

Aaron D. Campbell, Aaron Jorbin, Andrea Fercia, Andrew Nacin, Andrew Ozz, Boone Gorges, Compute, Daniel Jalkut (Red Sweater), Danny van Kooten, Dion Hulse, Dominik Schilling (ocean90), Dossy Shiobara, Evan Herman, Gary Pendergast, gblsm, Hinaloe, Ignacio Cruz Moreno, jadpm, Jeff Pye Brook, Joe McGill, John Blackbourn, jpr, Konstantin Obenland, KrissieV, Marin Atanasov, Matthew Ell, Meitar, Pascal Birchler, Peter Wilson, Roger Chen, Ryan McCue, Sal Ferrarello, Scott Taylor, scottbrownconsulting, Sergey Biryukov, Shinichi Nishikawa, smerriman, Stephen Edgar, Stephen Harris, tharsheblows, voldemortensen, and webaware.

WordPress 4.4 “Clifford”

Posted December 8, 2015 by Matt Mullenweg. Filed under Releases.

Version 4.4 of WordPress, named “Clifford” in honor of jazz trumpeter Clifford Brown, is available for download or update in your WordPress dashboard. New features in 4.4 make your site more connected and responsive. Clifford also introduces a new default theme, Twenty Sixteen.


Introducing Twenty Sixteen

A screenshot of Twenty Sixteen set in an iPad frame

Our newest default theme, Twenty Sixteen, is a modern take on a classic blog design.

Twenty Sixteen was built to look great on any device. A fluid grid design, flexible header, fun color schemes, and more, will all make your content shine.


Responsive Images

An image of a laptop, iPad, Android phone, and iPhone containing the same image displayed at multiple sizes to demonstrate responsive image features.

WordPress now takes a smarter approach to displaying appropriate image sizes on any device, ensuring a perfect fit every time. You don’t need to do anything to your theme, it just works.


Embed Everything

Now you can embed your posts on other WordPress sites. Simply drop a post URL into the editor and see an instant embed preview, complete with the title, excerpt, and featured image if you’ve set one. We’ll even include your site icon and links for comments and sharing.

In addition to post embeds, WordPress 4.4 also adds support for five new oEmbed providers: Cloudup, Reddit Comments, ReverbNation, Speaker Deck, and VideoPress.


Under the Hood

The WordPress REST API logo

REST API infrastructure

Infrastructure for the REST API has been integrated into core, marking a new era in developing with WordPress. The REST API gives developers an easy way to build and extend RESTful APIs on top of WordPress.

Infrastructure is the first part of a multi-stage rollout for the REST API. Inclusion of core endpoints is targeted for an upcoming release. To get a sneak peek of the core endpoints, and for more information on extending the REST API, check out the official WordPress REST API plugin.

Term meta

Terms now support metadata, just like posts. See add_term_meta(), get_term_meta(), and update_term_meta() for more information.

Comment query improvements

Comment queries now have cache handling to improve performance. New arguments in WP_Comment_Query make crafting robust comment queries simpler.

Term, comment, and network objects

New WP_Term, WP_Comment, and WP_Network objects make interacting with terms, comments, and networks more predictable and intuitive in code.


The Team

This release was led by Scott Taylor, with the help of these fine individuals. There are 471 contributors with props in this release (by far the most ever!). Pull up some Clifford Brown on your music service of choice, and check out some of their profiles:

@mercime, _smartik_, A5hleyRich, Aaron D. Campbell, Aaron Jorbin, Aaron Rutley, Adam Harley (Kawauso), Adam Silverstein, adamholisky, Ahmad Awais, Aki Björklund, AlbertoCT, Alex Kirk, Alex Mills (Viper007Bond), Alex Shiels, Alexander Gounder, alireza1375, Amanda Giles, amereservant, Amy Hendrix (sabreuse), Andrea Fercia, Andrew Duthie, Andrew Nacin, Andrew Norcross, Andrew Ozz, Andy Fragen, Angelo Mandato, Ankit Gade, Ankit K Gupta, Anthony Burchell, ap.koponen, apokalyptik, Athsear'J.S., atomicjack, Austin Ginder, Austin Matzko, Barry Ceelen, Barry Kooij, bcworkz, BdN3504, Bego Mario Garde, Ben May, Benjamin Pick, berengerzyla, Bernhard Riedl, bigdawggi, bilalcoder, BinaryKitten, Birgir Erlendsson (birgire), Bjørn Johansen, bobbingwide, bonger, Boone B. Gorges, Brad Touesnard, bradparbs, Brady Vercher, Brandon Kraft, bravokeyl, brentvr, brettz95, Bruno Kos, Cam, Cami Kaos, carolinegeven, Casey Bisson, ch1902, Chandra M, Chandra Patel, Chase Wiseman, Chiara Dossena, Chip Bennett, Chirag Swadia, Chris Christoff, Chris Kindred, Chris Klosowski, chriscoyier, Chrisdc1, christianoliff, Christoph Herr, Christopher Finke, cjhaas, codeelite, Coen Jacobs, Compute, Courtney Ivey, Craig Ralston, Curtiss Grymala, Cătălin Dogaru, Daisuke Takahashi (Extend Wings), Dan Boulet, Daniel Bachhuber, Daniel Jalkut (Red Sweater), Daniel Koskinen, Daniel Ménard, Daniele Scasciafratte, daniellandau, daniloercoli, Danny de Haan, Danny van Kooten, Darren Ethier (nerrad), Daryl L. L. Houston (dllh), Datta Parad, Dave McHale, David A. Kennedy, David Anderson, David Binovec, David Herrera, David Shanske, DeBAAT, Denis de Bernardy, Dennis Ploetner, Derek Herman, Devin Price, Dezzy, Dion Hulse, Dipali Dhole, dipesh.kakadiya, Dominik Bruderer, Dominik Schilling, Dossy Shiobara, Dreb Bits, Drew Jaynes, dustinbolton, Dzikri Aziz, edirect24, Eduardo Reveles, Eduardo Zulian, Edward Caissie, Egill R. 
Erlendsson, egower, Ehsaan, ehtis, Ella Iseulde Van Dorpe, Ellie Strejlau, Elliott Stocks, elusiveunit, enshrined, Eric Andrew Lewis, Eric Binnion, Eric Daams, Eric Mann, ericjuden, Evan Herman, F4rkie, Felix Arntz, Firdaus Zahari, firebird75, fonglh, francoisb, Frank Klein, Frankie Jarrett, Fredrik Forsmo, Gaelan Lloyd, Gagan Deep Singh, Gary Cao, Gary Jones, Gary Pendergast, garza, Gaurav Pareek, Gautam Gupta, gblsm, geminorum, Gerhard Potgieter, geza.miklo, Gijs Jorissen, Giuseppe Mamone, Giustino Borzacchiello, gnaka08, gradyetc, Greg Rickaby, Gregory Karpinsky (@tivnet), Gustavo Bordoni, Gustavo Bordoni, gwinh.lopez, hakre, hauvong, Helen Hou-Sandí, Hinaloe, Hrishikesh Vaipurkar, Hugh Lashbrooke, Hugo Baeta, Iain Poulson, Ian Dunn, Ian Stewart, icetee, Ignacio Cruz Moreno, Ihor Vorotnov, imath, ippetkov, Ivan Kristianto, J.D. Grimes, jadpm, jakub.tyrcha, James Huff, Jan Henckens, Japh, Jasper de Groot, jazbek, jcroucher, Jeff Farthing, Jeff Stieler, JeffMatson, Jeffrey de Wit, Jeffrey Schutzman, jeichorn, Jennifer M. Dodd, Jeremy Felt, Jeremy Pry, Jeroen Schmit, Jesin A, Jesper van Engelen, jim912, jliman, jmayhak, jnylen0, Jobst Schmalenbach, Joe Dolson, Joe Hoyle, Joe McGill, joehills, John Blackbourn, John James Jacoby, John P. 
Bloch, John Parris, Jon Cave, Jonathan Bardo, Jonathan Desrosiers, Joost de Valk, Jorge Bernal, Josh Betz, Josh Eaton, Josh Pollock, jpr, jrf, Juhi Saxena, Julio Potier, justdaiv, Justin Sainton, Justin Shreve, Justin Sternberg, Justin Tadlock, K.Adam White, Kailey (trepmal), KalenJohnson, karinedo, karpstrucking, Kelly Dwan, Kevin Behrens, Kevin Langley, kevinatelement, kitchin, Kite, Konstantin Kovshenin, Konstantin Obenland, KrissieV, Krzysiek Dróżdż, Kurt Payne, laceous, Lance Willett, Laurens Offereins, lcherpit, ldinclaux, Lee Willis, leemon, lessbloat, linuxologos, Lucas Karpiuk, lucatume, luciole135, Lucy Tomas, Luke Carbis, madalin.ungureanu, Mako, manolis09, Marcin Pietrzak, Marin Atanasov, Mario Peshev, Marius (Clorith), Mark Jaquith, Marko Heijnen, Markus, Mat Marquis, Matheus Martins, Matt Bagwell, Matt Gibbs, Matt Martz, Matt Mullenweg, Matt van Andel, Matthew Boynes, Matthew Ell, Matthew Haines-Young, mazurstas, mbrandys, mdmcginn, Mehul Kaklotar, Meitar, Mel Choyce, meloniq, micahmills, micahwave, Michael Adams (mdawaffe), Michael Arestad, Michael Cain, Michiel Habraken, Mickey Kay, Mike Glendinning, Mike Hansen, Mike Jolley, Mike Jordan, Mike Schinkel, Mike Schroder, Milan Dinić, mismith227, misterunknown, mitcho (Michael Yoshitaka Erlewine), Monika, morganestes, Morten Rand-Hendriksen, moto hachi ( mt8.biz ), Mr Papa, mrmist, mulvane, neoscrib, NExT-Season, Niall Kennedy, nicholas_io, Nick Ciske, Nick Halsey, NickDuncan, Nicolas Juen, nikeo, Nikhil Chavan, Niklas, Nikola Nikolov, Nikolay Bachiyski, Nilambar Sharma, OriginalEXE, Paresh Radadiya, Pascal Birchler, Pat O'Brien, Paul Bearne, Paul de Wouters, Paul Ryan, Paul Wilde, pavelevap, Payton Swick, Peter Wilson, Petter Walbø Johnsgård, Petya Raykovska, pfefferle, Philip Arthur Moore, PhilipLakin, Philipp Cordes, Piotr Delawski, Piotr Soluch, Pippin Williamson, Prasad Nevase, Prasath Nadarajah, Pratik, Rachel Baker, rajnikmit, Rakesh Lawaju (Racase Lawaju), ramay, Rami Yushuvaev, Raul Illana, 
renoirb, rhubbardreverb, Rhys Wynne, Rian Rietveld, Richard Tape, Robert Chapin, Rodrigo Primo, Roger Chen, Rommel Castro, Ron Rennick, Ronald Huereca, Russell Heimlich, Ruud Laan, Ryan Kienstra, Ryan Markel, Ryan McCue, Ryan Welcher, Safirul Alredha, Sal Ferrarello, salvoaranzulla, Sam Brodie, sam2kb, Samir Shah, Samuel Sidler, Samuel Wood (Otto), Sanket Parmar, Sara Rosso, sarciszewski, Scott Grant, Scott Kingsley Clark, Scott Reilly, scottbrownconsulting, ScreenfeedFr, scribu, sdavis2702, Sean Hayes, Sebastian Pisula, Sergey Biryukov, serpent7776, several27, shimakyohsuke, Shinichi Nishikawa, side777, Simon Prosser, Simon Wheatley, Siobhan, sirzooro, sjmur, smerriman, Spacedmonkey, Stéphane Boisvert, Stanislav Khromov, Stanko Metodiev, stebbiv, Stefan Froehlich, Stephanie Leary, Stephen Edgar, Stephen Harris, Steve Grunwell, stevehenty, SteveHoneyNZ, Steven Word, Store Locator Plus, Sudar Muthu, Sujay, Sumit Singh, summerblue, Sunny Ratilal, Takashi Irie, Takayuki Miyauchi, Tammie Lister, Tanner Moushey, tbcorr, Terry Chay, tharsheblows, theMikeD, Thomas Kräftner, thomaswm, Thorsten Frommen, Thorsten Ott, tigertech, Till Krüss, Tim Evko, tmatsuur, tmeister, TobiasBg, Tom Willmot, TomHarrigan, tommarshall, tomsommer, Toni Viemerö, Toro_Unit (Hiroshi Urabe), Tracy Levesque, Tran Ngoc Tuan Anh, Travis Smith, trenzterra, Tryon Eggleston, tszming, ty, Ty Carlson, Tyler Carter, Ulrich, Ulrich Sossou, Umesh Kumar, Umesh Nevase, Utkarsh, vilkatis, voldemortensen, Walter Ebert, walterbarcelos, webaware, webdevmattcrom, WEN Solutions, WEN Themes, Weston Ruter, wmertens, Wojtek Szkutnik, WP Plugin Dev dot com, wpdev101, wpseek, wturrell, Yam Chhetri, Yoav Farhi, Zach Wills, Zack Rothauser, and Zack Tollman.

 

Special thanks go to Siobhan McKeown for producing the release video with Sara Rosso, and Cami Kaos for the voice-over.

Finally, thanks to all of the contributors who provided subtitles for the release video, which at last count had been translated into 23 languages!

If you want to follow along or help out, check out Make WordPress and our core development blog. Thanks for choosing WordPress. See you soon for version 4.5!

WordPress 4.4 Release Candidate

Posted November 25, 2015 by Scott Taylor. Filed under Development, Releases.

The release candidate for WordPress 4.4 is now available.

RC means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.4 on Tuesday, December 8, but we need your help to get there.

If you haven’t tested 4.4 yet, now is the time!

Think you’ve found a bug? Please post to the Alpha/Beta support forum. If any known issues come up, you’ll be able to find them here.

To test WordPress 4.4 RC1, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip).

For more information about what’s new in version 4.4, check out the Beta blog post.

Developers, please test your plugins and themes against WordPress 4.4 and update your plugin’s Tested up to version in the readme to 4.4 before next week. If you find compatibility problems, we never want to break things, so please be sure to post to the support forums so we can figure those out before the final release.

Be sure to follow along the core development blog, where we’ll continue to post notes for developers for 4.4.

Tickets are all closed
Help test the latest changes
New WordPress for All

WordPress 4.4 Beta 4

Posted November 12, 2015 by Scott Taylor. Filed under Development, Releases.

WordPress 4.4 Beta 4 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.4, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

For more information about what’s new in version 4.4, check out the Beta 1 blog post. This is our final planned beta. Next week will be our first Release Candidate.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable writing a bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed.

Closer To The End
Tickets Are Being Shuffled
Onward to RC

WordPress 4.4 Beta 3

Posted November 4, 2015 by Scott Taylor. Filed under Development, Releases.

WordPress 4.4 Beta 3 is now available for download and testing. This is software still in development, so we don’t recommend that you run it on a production site. To get the beta, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

For more of what’s new in version 4.4, check out the Beta 1 blog post.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable writing a bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed.

Four-four beta three
Even more activity
Nary a shared term

WordPress 4.4 Beta 2

Posted October 28, 2015 by Scott Taylor. Filed under Development, Releases.

WordPress 4.4 Beta 2 is now available for download and testing. This is software still in development, so we don’t recommend that you run it on a production site. To get the beta, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

For more of what’s new in version 4.4, check out the Beta 1 blog post.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable writing a bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed.

Four-four beta two
Another week of progress
REST API lives!

WordPress 4.4 Beta 1

Posted October 22, 2015 by Scott Taylor. Filed under Development, Releases.

WordPress 4.4 Beta 1 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.4, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

WordPress 4.4 is slated for release on December 8, but to get there, we need your help testing what we have been working on, including:

  • Twenty Sixteen — The newest default theme for WordPress.
  • Responsive Images — WordPress automatically delivers a more appropriate image to users depending on a variety of conditions like screen size, viewport size, and screen resolution.
  • Embeds — WordPress can now embed rich content from nearly all sites that support the oEmbed standard — not just YouTube, Flickr, Twitter, and the like. You can even embed previews of posts from other WordPress sites by pasting the URL on its own line.

There have been a lot of changes for developers to play with as well:

  • REST API (phase 1) — The underlying infrastructure of the WordPress REST API plugin has been included in WordPress 4.4. Plugin authors can take advantage of this by adding custom endpoints.
  • Term Metadata — Taxonomy term metadata is now included in WordPress 4.4. If you’ve already been using a plugin to implement term metadata, you should read this post on how to prepare. Also, the underlying WP_Term class improves caching when working with terms. (#14162)
  • Improved <title> output — wp_title() is now deprecated; WordPress can handle the rendering of the document title automatically.
  • Comments — Comment queries are now split for performance. Also, the underlying WP_Comment class improves caching and introduces strong-typing. (#8071, #32619)

If you want a more in-depth view of what major changes have made it into 4.4, check out all 4.4-tagged posts on the main development blog, or check out a list of everything that’s changed.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on the WordPress Trac. There, you can also find a list of known bugs.

Happy testing!

Many small changes
Some groundbreaking new features
Fun times had by all

WordPress 4.3.1 Security and Maintenance Release

Posted September 15, 2015 by Samuel Sidler. Filed under Releases, Security.

WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation.

  • WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point.
  • A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team.
  • Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check Point.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.3.1 also fixes twenty-six bugs. For more information, see the release notes or consult the list of changes.

Download WordPress 4.3.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.3.1.

Thanks to everyone who contributed to 4.3.1:

Adam Silverstein, Andrea Fercia, Andrew Ozz, Boone Gorges, Brandon Kraft, chriscct7, Daisuke Takahashi, Dion Hulse, Dominik Schilling, Drew Jaynes, dustinbolton, Gary Pendergast, hauvong, James Huff, Jeremy Felt, jobst, Marin Atanasov, Nick Halsey, nikeo, Nikolay Bachiyski, Pascal Birchler, Paul Ryan, Peter Wilson, Robert Chapin, Samuel Wood, Scott Taylor, Sergey Biryukov, tmatsuur, Tracy Levesque, Umesh Nevase, vortfu, welcher, Weston Ruter
