WordPress 5.0.1 is now available. This is a security release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.
WordPress versions 5.0 and earlier are affected by the following bugs, which are fixed in version 5.0.1. Updated versions of WordPress 4.9 and older releases are also available, for users who have not yet updated to 5.0.
Karim El Ouerghemmi discovered that authors could alter meta data to delete files that they weren’t authorized to.
Simon Scannell of RIPS Technologies discovered that authors could create posts of unauthorized post types with specially crafted input.
Sam Thomas discovered that contributors could craft meta data in a way that resulted in PHP object injection.
Tim Coen discovered that contributors could edit new comments from higher-privileged users, potentially leading to a cross-site scripting vulnerability.
Tim Coen also discovered that specially crafted URL inputs could lead to a cross-site scripting vulnerability in some circumstances. WordPress itself was not affected, but plugins could be in some situations.
Team Yoast discovered that the user activation screen could be indexed by search engines in some uncommon configurations, leading to exposure of email addresses, and in some rare cases, default generated passwords.
Tim Coen and Slavco discovered that authors on Apache-hosted sites could upload specifically crafted files that bypass MIME verification, leading to a cross-site scripting vulnerability.
Download WordPress 5.0.1, or venture over to Dashboard → Updates and click Update Now. Sites that support automatic background updates are already beginning to update automatically.
In addition to the security researchers mentioned above, thank you to everyone who contributed to WordPress 5.0.1:
We’ve made some big upgrades to the editor. Our new block-based editor is the first step toward an exciting new future with a streamlined editing experience across your site. You’ll have more flexibility with how content is displayed, whether you are building your first site, revamping your blog, or write code for a living.
Building with Blocks
The new block-based editor won’t change the way any of your content looks to your visitors. What it will do is let you insert any type of multimedia in a snap and rearrange to your heart’s content. Each piece of content will be in its own block; a distinct wrapper for easy maneuvering. If you’re more of an HTML and CSS sort of person, then the blocks won’t stand in your way. WordPress is here to simplify the process, not the outcome.
We have tons of blocks available by default, and more get added by the community every day. Here are a few of the blocks to help you get started:
Paragraph
Heading
Preformatted
Quote
Image
Gallery
Cover
Video
Audio
Columns
File
Code
List
Button
Embeds
More
Freedom to Build, Freedom to Write
This new editing experience provides a more consistent treatment of design as well as content. If you’re building client sites, you can create reusable blocks. This lets your clients add new content anytime, while still maintaining a consistent look and feel.
A Stunning New Default Theme
Introducing Twenty Nineteen, a new default theme that shows off the power of the new editor.
Designed for the block editor
Twenty Nineteen features custom styles for the blocks available by default in 5.0. It makes extensive use of editor styles throughout the theme. That way, what you create in your content editor is what you see on the front of your site.
Simple, type-driven layout
Featuring ample whitespace, and modern sans-serif headlines paired with classic serif body text, Twenty Nineteen is built to be beautiful on the go. It uses system fonts to increase loading speed. No more long waits on slow networks!
Versatile design for all sites
Twenty Nineteen is designed to work for a wide variety of use cases. Whether you’re running a photo blog, launching a new business, or supporting a non-profit, Twenty Nineteen is flexible enough to fit your needs.
Blocks provide a comfortable way for users to change content directly, while also ensuring the content structure cannot be easily disturbed by accidental code edits. This allows the developer to control the output, building polished and semantic markup that is preserved through edits and not easily broken.
Compose
Take advantage of a wide collection of APIs and interface components to easily create blocks with intuitive controls for your clients. Utilizing these components not only speeds up development work but also provide a more consistent, usable, and accessible interface to all users.
Create
The new block paradigm opens up a path of exploration and imagination when it comes to solving user needs. With the unified block insertion flow, it’s easier for your clients and customers to find and use blocks for all types of content. Developers can focus on executing their vision and providing rich editing experiences, rather than fussing with difficult APIs.
Prefer to stick with the familiar Classic Editor? No problem! Support for the Classic Editor plugin will remain in WordPress through 2021.
The Classic Editor plugin restores the previous WordPress editor and the Edit Post screen. It lets you keep using plugins that extend it, add old-style meta boxes, or otherwise depend on the previous editor. To install, visit your plugins page and click the “Install Now” button next to “Classic Editor”. After the plugin finishes installing, click “Activate”. That’s it!
Note to users of assistive technology: if you experience usability issues with the block editor, we recommend you continue to use the Classic Editor.
Finally, thanks to all the community translators who worked on WordPress 5.0. Their efforts bring WordPress 5.0 fully translated to 37 languages at release time, with more on the way.
This release candidate includes a fix for some scripts not loading on subdirectory installs (#45469), and user locale settings not being loaded in the block editor (#45465). Twenty Nineteen has also had a couple of minor tweaks.
Plugin and Theme Developers
Please test your plugins and themes against WordPress 5.0 and update the Tested up to version in the readme to 5.0. If you find compatibility problems, please be sure to post to the support forums so we can figure those out before the final release. An in-depth field guide to developer-focused changes is coming soon on the core development blog. In the meantime, you can review the developer notes for 5.0.
If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.
WordPress Five Point Oh Is just a few days away! Nearly party time! 🎉
WordPress 5.0 is almost ready for release, including an all-new content editing experience. Volunteers all across the project are gearing up for the launch and making sure everything is ready. Read on to find out what’s been happening and how you can get involved.
WordPress 5.0 Close to Launch
The release date for WordPress 5.0 has not yet been set, but the second release candidate (RC) is now available. The final release date will be determined based on feedback and testing of this RC. The Core development team has been posting daily updates on the progress of their work on v5.0, with the number of open issues for this release decreasing every day.
The primary feature of this release is the new editor that will become the default WordPress experience going forward. A number of people have been seeking more direct feedback from the release leads about the progress of this release, which @matt has facilitated by hosting one-to-one discussions with anyone in the community who wanted to talk with him about it. He has also published an extended FAQ covering many of the questions people have been asking.
Alongside the development of the new editor, the Mobile team has been working hard to bring the WordPress mobile apps up to speed. They plan to make a beta version available in February 2019.
WordPress user documentation has long been hosted on the WordPress Codex, but for the past couple of years an ambitious project has been underway to move that content to a freshly-built WordPress-based platform. This project, named “HelpHub,” is now live and the official home of WordPress Support.
There is still plenty of content that needs to be migrated from the Codex to HelpHub, but the initial move is done and the platform is ready to have all WordPress’ user documentation moved across. HelpHub will be the first place for support, encouraging users to find solutions for themselves before posting in the forums.
Spanish WordPress Community Pushes Translations Forward
The WordPress community in Spain has been hard at work making sure as much of the WordPress project as possible is available in Spanish. They have recently translated more of the project than ever — including WordPress Core, WordPress.org, the mobile apps and the top 120 plugins in the Directory.
This achievement has largely been possible due to the fact that the Spanish translation team has over 2,500 individuals contributing to it, making it the largest translation team across the whole project.
The second release candidate for WordPress 5.0 is now available!
This is an important milestone, as we near the release of WordPress 5.0. A final release date will be announced soon, based on feedback from this release candidate. Things are appearing very stable and we hope to announce a date soon. This is a big release and needs your help—if you haven’t tried 5.0 yet, now is the time!
We stopped rendering AdminNotices compatibility component, as this previous attempt at backward compatibility was bringing in numerous incompatible banners and notices from plugins.
An update to the parser to better deal with malformed HTML that could cause a loop. We’re only aware of this in the wild being triggered once in the over a million posts made with Gutenberg, but it caused a loop so we wanted to fix for RC2.
Cosmetic and minor changes in RC2
Accessibility: Simplify sidebar tabs aria-labels.
Make the Image Link URL field readonly.
Internationalization: Merge similar text strings that differed only in capitalization.
CSS: Improve block preview styling.
CSS: Fix visual issues with Button block text wrap.
Fix getSelectedBlockClientId selector.
Fix Classic block not showing galleries on a grid.
Fix an issue where the block toolbar would cause an image to jump downwards when the wide or full alignments were activated.
Move editor specific styles from style.scss to editor.scss in Cover block.
Fix modals in Microsoft Edge browser.
Fix Microsoft IE11 focus loss after TinyMCE init. Add IE check.
If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.
RC bittersweet. We welcome in Gutenberg, Vale Gutenbeard.
The first release candidate for WordPress 5.0 is now available!
This is an important milestone, as we near the release of WordPress 5.0. The WordPress 5.0 release date has shifted from the 27th to give more time for the RC to be fully tested. A final release date will be announced soon, based on feedback on the RC. This is a big release and needs your help—if you haven’t tried 5.0 yet, now is the time!
WordPress 5.0 introduces the new block-based post editor. This is the first step toward an exciting new future with a streamlined editing experience across your site. You’ll have more flexibility with how content is displayed, whether you are building your first site, revamping your blog, or write code for a living.
The block editor is used on over a million sites, we think it’s ready to be used on all WordPress sites. We do understand that some sites might need some extra time, though. If that’s you, please install the Classic Editor plugin, you’ll continue to use the classic post editor when you upgrade to WordPress 5.0.
Twenty Nineteen is WordPress’ new default theme, it features custom styles for the blocks available by default in 5.0. Twenty Nineteen is designed to work for a wide variety of use cases. Whether you’re running a photo blog, launching a new business, or supporting a non-profit, Twenty Nineteen is flexible enough to fit your needs.
The block editor is a big change, but that’s not all. We’ve made some smaller changes as well, including:
All of the previous default themes, from Twenty Ten through to Twenty Seventeen, have been updated to support the block editor.
You can improve the accessibility of the content you write, now that simple ARIA labels can be saved in posts and pages.
WordPress 5.0 officially supports the upcoming PHP 7.3 release: if you’re using an older version, we encourage you to upgrade PHP on your site.
Developers can now add translatable strings directly to your JavaScript code, using the new JavaScript language packs.
Please test your plugins and themes against WordPress 5.0 and update the Tested up to version in the readme to 5.0. If you find compatibility problems, please be sure to post to the support forums so we can figure those out before the final release. An in-depth field guide to developer-focused changes is coming soon on the core development blog. In the meantime, you can review the developer notes for 5.0.
If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.
Ruedan los bloques Contando vivos cuentos Que se despiertan
This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version.
Reminder: the WordPress 5.0 release date has changed. It is now scheduled for release on November 27, and we need your help to get there. Here are some of the big issues that we’ve fixed since Beta 4:
Block Editor
The block editor has been updated to match the Gutenberg 4.4 release, the major changes include:
The final known PHP 7.3 compatibility issue has been fixed. You can brush up on what you need to know about PHP 7.3 and WordPress by checking out the developer note on the Make WordPress Core blog.
If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.
This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version.
The WordPress 5.0 release date has changed, it is now scheduled for release on November 27, and we need your help to get there. Here are some of the big issues that we’ve fixed since Beta 3:
Block Editor
The block editor has been updated to match the Gutenberg 4.3 release, the major changes include:
An Annotations API, allowing plugins to add contextual data as you write.
More consistent keyboard navigation between blocks, as well as back-and-forth between different areas of the interface.
Improved accessibility, with additional labelling and speech announcements.
Additionally, there have been some bugs fixed that popped up in beta 3:
Better support for plugins that have more advanced meta box usage.
Script concatenation is now supported.
Ajax calls could occasionally cause PHP errors.
Internationalisation
We’ve added an API for translating your plugin and theme strings in JavaScript files! The block editor is now using this, and you can start using it, too. Check out the developer note to get started.
If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.
International- isation is a word with many syllables.
Meta boxes are the original style block. Old is new again.
This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version.
WordPress 5.0 is slated for release on November 19, and we need your help to get there. Here are some of the big issues that we’ve fixed since Beta 2:
Block Editor
The block editor has been updated to include all of the features and bug fixes from the upcoming Gutenberg 4.2 release. Additionally, there are some newer bug fixes and features, such as:
Adding support for the “Custom Fields” meta box.
Improving the reliability of REST API requests.
A myriad of minor tweaks and improvements.
Twenty Nineteen
Twenty Nineteen has been updated from its GitHub repository, this version is full of new goodies to check out:
Adds support for Selective Refresh Widgets in the Customiser.
Adds support for Responsive Embeds.
Tweaks to improve readability and functionality on mobile devices.
Fixes nested blocks appearing wider than they should be.
Fixes some errors in older PHP versions, and in IE11.
If you’re able to contribute with coding or testing changes, we have a multitude of bug scrubs scheduled this week, we’d love to have as many people as we can ensuring all bugs reported get the attention they deserve.
If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.
WordPress Five Point Oh is just two short weeks away. Thank you for helping! 💖
To keep everyone aware of big projects and efforts across WordPress contributor teams, I’ve reached out to each team’s listed representatives. I asked each of them to share their Top Priority (and when they hope for it to be completed), as well as their biggest Wins and Worries. Have questions? I’ve included a link to each team’s site in the headings.
Priority: Work on authoring a manual for assistive technology users on Gutenberg, led by Claire Brotherton (@abrightclearweb). Continue to work on improving the overall user experience in Gutenberg. Update and organize the WP A11y handbook.
Struggle: Lack of developers and accessibility experts to help test and code the milestone issues. Still over 100 outstanding issues, and developing the Gutenberg AT manual helps expose additional issues. The announcement of an accessibility focus on 4.9.9 derailed our planning for Gutenberg in September with minimal productivity, as that goal was quickly withdrawn from the schedule.
Big Win: Getting focus constraint implemented in popovers and similar components in Gutenberg.
Priority: Current priority is v2.1.0 of WP-CLI, to polish the major refactoring v2.0.0 introduced. You can join in or follow progress on their site.
Struggle: Getting enough contributors to make peer-review possible/manageable.
Big Win: The major refactoring of v2 was mostly without any negative impacts on existing installs. It provided substantial improvements to maintainability including: faster and more reliable testing, more straight-forward changes to individual packages, and simpler contributor on-boarding.
Priority: Supporting contributors of all levels via: monthly WordCamp Organizers chat, better onboarding with a translated welcome pack, and Contribution Drive documentation.
Priority: Getting HelpHub out before WordPress 5.0’s launch to make sure Gutenberg User Docs have a permanent position to reside
Struggle: Getting the documentation from HelpHub into WordPress.org/support is more manual than initially anticipated.
Big Win: Had a good discussion with the Gutenberg team about their docs and how WordPress.org expects documentation to be distributed (via DevHub, Make and HelpHub). Getting past the code blocks to release HelpHub (soon)
Priority: Support for other teams in the lead up to, and the follow-up of, the release of WP 5.0. ETA is the WP 5.0 release date (Nov 19) and thereafter, unless it gets bumped to next quarter.
Struggle: Maintaining momentum on tickets (still).
Big Win: Launch of front-end demo of Gutenberg on https://wordpress.org/gutenberg/
Struggle: Finding a good balance between how much we want to help people and how much we are able to help people. Also, contributor recruitment (always a crowd favorite!)
Big Win: How well the team, on a global level, has managed to maintain a good flow of user engagement through support.
Priority: Getting the learn.wordpress.org site designed, developed, and being able to publish lesson plans to it.
Struggle: Getting contributors onboard and continually contributing. Part of that is related to the learn.wordpress.org site. People like to see their contributions.
Big Win: We have our new workflow and tools in place. We are also streamlining that process to help things go from idea to publication more quickly.
