Thomas Mackenzie alerted us to a problem where logged in users can peek at trashed posts belonging to other authors. If you have untrusted users signed up on your blog and sensitive posts in the trash, you should upgrade to 2.9.2. As always, you can visit the Tools->Upgrade menu to upgrade.
After over a million downloads of WordPress 2.9 and lots of feedback from all of you, we’re releasing WordPress 2.9.1. This release addresses a handful of minor issues as well as a rather annoying problem where scheduled posts and pingbacks are not processed correctly due to incompatibilities with some hosts. If any of these issues…
Thanks to everyone who tested 2.9.1 Beta 1. We’re following that up with Release Candidate 1. RC1 contains a few more fixes, bringing the number of fixed tickets up to 23. If you are already running Beta 1, visit Tools->Upgrade in your blog’s admin to get RC1. You can also download the RC1 package and…
Unfortunately, the recent 2.9 release triggered a bug in certain versions of PHP’s curl extension. With these versions of curl, scheduled posts and pingbacks are not processed correctly. To fix this problem as well as a handful of other, lesser issues, we are quickly releasing 2.9.1, the first maintenance release of the 2.9 line. Help…
I want to make you mine, all the time… oh wait. Hello. I’m here on behalf of the entire WordPress development team and community to announce the immediate availability of WordPress version 2.9 “Carmen” named in honor of magical jazz vocalist Carmen McRae (whom we’ve added to our Last.fm WP release station). You can upgrade…
We’re at that exciting point in WordPress development where the dev team feels like version 2.9 is complete and ready for the world. If you’ve been waiting for your moment to pitch in, it’s now. First we need tech savvy testers to upgrade their blogs and kick the tires, make sure everything is rolling like…
Version beta-2 of WordPress 2.9 is ready for your testing pleasure. You can download it or use the WordPress Beta Tester plugin and auto-upgrade a test installation. See all changes since beta 1.
2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended. The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue…
As you know over the past couple of months we have been working on the new features for WordPress 2.9. We have also been working on trying to make WordPress as secure as possible and during this process we have identified a number of security hardening changes that we thought were worth back-porting to the…
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password…
Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. Several folks in the community dug deeper and discovered areas that were overlooked. With their help, the remaining issues are fixed in 2.8.3. Since this is a security release, upgrading is highly recommended. Download…
WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site. Download 2.8.2 or automatically upgrade from the Tools->Upgrade page of your blog’s admin.
WordPress 2.8.1 fixes many bugs and tightens security for plugin administration pages. Core Security Technologies notified us that admin pages added by certain plugins could be viewed by unprivileged users, resulting in information being leaked. Not all plugins are vulnerable to this problem, but we advise upgrading to 2.8.1 to be safe. What else is…
2.8.1 is nigh. Release Candidate 1 is our last stop before the final release. Please download RC1, review the changes made since beta 2, and have a look at all of the tickets fixed in 2.8.1. Thanks for testing WordPress.
2.8.1 Beta 2 is ready for testing. Download it, check out the changes since beta 1, and review all tickets fixed in 2.8.1. We especially suggest, recommend, and beg that plugin developers test their plugins against beta 2 and let us know of any issues. Notable fixes in beta 2: Translation of role names fixed…
We’ve started work on the first maintenance release to 2.8. 2.8.1 will fix a handful of bugs that turned up in 2.8. Today we’re releasing the first beta of 2.8.1. Download it, and check out the bugs fixed so far. Here are some of the notable issues that are fixed in beta 1. Certain themes…
I’m very excited to announce to everyone that the latest and greatest version of WordPress, version 2.8 “Baker,” is immediately available for download. 2.8 represents a nice fit and finish release for WordPress with improvements to themes, widgets, taxonomies, and overall speed. We also fixed over 790 bugs. This release is named in honor of…
With Release Candidate 1, we think WordPress 2.8 is ready and complete. Download it, test it, and tell us what you think. If you don’t uncover any bad bugs, 2.8 will be released on Wednesday the 10th. If you’re interested in what has changed since beta 2, consult the changelog.
Download beta 2. See changes since beta 1.
Download it, test it, file bugs. What’s new? All of this. Good hunting, all you testers.
What if there was software with the elegance and extensibility of WordPress but all the features you’ve come to expect from social networks like Facebook? Now there is: check out BuddyPress. BuddyPress is an official sister project of WordPress. The idea behind it was to see what would happen to the web if it was…
2.7.1, the first 2.7 maintenance release, is now available. 2.7.1 fixes 68 tickets. You can automatically upgrade from 2.7 to 2.7.1 via the Tools → Upgrade menu, or you can download the package and upgrade manually. You may have noticed that we went much longer than usual to release this .1 update. We’re very proud…
The first thing you’ll notice about 2.7 is its new interface. From the top down, we’ve listened to your feedback and thought deeply about the design and the result is a WordPress that’s just plain faster. Nearly every task you do on your blog will take fewer clicks and be faster in 2.7 than it…
There comes a time in every WordPress release when it’s ready for the world , to come out of its cocoon and feel the light of the world on its wings for the first time. It’s not quite that time yet, but we’re as close as we’ve ever been, hence the immediate availability of 2.7…
With the release of RC1, we’re in the final leg of development before the release of 2.7. 280 commits since beta 3 have polished the new admin UI (including new menu icons created by the winners of our icon design contest) and fixed all known blocker bugs. We think RC1 is ready for everyone to…
WordPress 2.7 Beta 3 has been released for your testing pleasure. Here are some of the changes since Beta 2 (over 160 changes in total): Numerous style improvements and refinements. All admin notices now go under the page title. PHP Notice fixes. Dashboard widget options now properly save. Menu fixes. New design for Quick Edit.…
WordPress 2.7 Beta 2 is ready. Here is a quick rundown of changes since beta 1. The Upload button didn’t always show. Fixed. JS on the Dashboard broke for blogs with no comments, causing several UI elements to “freeze”. Fixed. Recent Drafts Dashboard module didn’t show correct times. Fixed. Various Autosave fixes. Redirect after deleting…
The first public beta of WordPress 2.7 is here at last. Join the thousands of people already testing 2.7 by downloading 2.7 Beta 1. As previously mentioned on this blog, 2.7 is bringing a new visual design. This design is almost completely implemented, but there are still a few areas that aren’t quite finished in…
A vulnerability in the Snoopy library was announced today. WordPress uses Snoopy to fetch the feeds shown in the Dashboard. Although this seems to be a low risk vulnerability for WordPress users, we wanted to get an update out immediately. 2.6.3 is available for download right now. If you don’t want to download the whole…
Stefan Esser recently warned developers of the dangers of SQL Column Truncation and the weakness of mt_rand(). With his help we worked around these problems and are now releasing WordPress 2.6.2. If you allow open registration on your blog, you should definitely upgrade. With open registration enabled, it is possible in WordPress versions 2.6.1 and…
With 2.6.1, we’re continuing our trend of releasing a maintenance release shortly after a major release in order to get fixes for the inevitable “dot zero” bugs into your hands without a long wait. If you’re happy with 2.6, however, keep on using it. You need not upgrade to 2.6.1 if 2.6 is getting the…
I’m happy to announce that version 2.6 of WordPress.org is now available, almost a month ahead schedule. Version 2.6 “Tyner,” named for jazz pianist McCoy Tyner, contains a number of new features that make WordPress a more powerful CMS: you can now track changes to every post and page and easily post from wherever you…
Version 2.5.1 of WordPress is now available. It includes a number of bug fixes, performance enhancements, and one very important security fix. We recommend everyone update immediately, particularly if your blog has open registration. The vulnerability is not public but it will be shortly. In addition to the security fix, 2.5.1 contains many bug fixes.…
WordPress 2.5, the culmination of six months of work by the WordPress community, people just like you. The improvements in 2.5 are numerous, and almost entirely a result of your feedback: multi-file uploading, one-click plugin upgrades, built-in galleries, customizable dashboard, salted passwords and cookie encryption, media library, a WYSIWYG that doesn’t mess with your code,…
2.5 is coming along thanks to the fantastic feedback you guys provided on RC1 (over 580 pingbacks and counting), and we’re now ready to show you a bit more of a peek with a short screencast covering the new dashboard and uploader and Release Candidate 2. First here’s the screencast, which is also available embedded…
A customizable dashboard, multi-file upload, built-in galleries, one-click plugin upgrades, tag management, built-in Gravatars, full text feeds, and faster load times sound interesting? Then WordPress 2.5 might be the release for you. It’s been in the oven for a while, and we’re finally ready to open the doors a bit to give you a taste.…
WordPress 2.3.3 is an urgent security release. If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are…
WordPress 2.3.2 is an urgent security release that fixes a bug that can be used to expose your draft posts. 2.3.2 also suppresses some error messages that can give away information about your database table structure and limits and stops some information leaks in the XML-RPC and APP implementations. Get 2.3.2 now to protect your…
WordPress 2.3.1 is now available. 2.3.1 is a bug-fix and security release for the 2.3 series. 2.3.1 fixes over twenty bugs. Some of the notable fixes are: Tagging support for Windows Live Writer Fixes for a login bug that affected those with a Blog Address different than their WordPress Address Faster taxonomy database queries, especially…
WordPress 2.3.1 is almost ready to go. Before we send it out the door, we’re making a release candidate available so everyone can give it a last look. 2.3.1 fixes over twenty bugs. Some of the notable fixes are: Tagging support for Windows Live Writer A login bug that affected those with a Blog Address…
I’m thrilled to announce that Version 2.3 “Dexter” of WordPress is now ready for the world. This release includes native tagging support, plugin update notification, URL handling improvements, and much more. This release is named for the great tenor saxophonist Dexter Gordon. The entire team is really proud of this release, and I’m happy that…
The first release candidate for WordPress 2.3 is now available. We’ve spent the week since beta 3 fixing bugs and shaping RC1 into release candidate material. If you would like try RC1 and help us get 2.3 ready for its final release on Monday the 24th, download RC1 here and report any bugs you find.…
Beta 3, the third and final beta for WordPress 2.3, is now available. Many bugs have been fixed since the second beta, and we could use your help finding and fixing more bugs in preparation for the first Release Candidate due next Monday. The standard disclaimer for betas applies. Beta 3 is pre-release software that…
2.2.3 is a security and bug-fix release for the 2.2 series. Since this is a security release, we suggest you upgrade immediately. Two of the fixes are high priority. On our Trac you can see the bugs closed and the files changed for 2.2.3. To get 2.2.3, please see our download page. As always, upgrade…
WordPress 2.3 will be here before you know it! We’re putting out a beta release every Monday until WordPress 2.3 ships on September 24th. Today the second beta drops for your testing pleasure. We’ve fixed a bunch of bugs in the last week — thanks to everyone who participated! That said, this is still rough…
The past 3 months we’ve been working feverishly on the next version of WordPress, 2.3. Today we’re releasing the first beta of 2.3 and we’re hoping the more adventurous and savvy among you will help us test it. Some of the features of 2.3 include plugin and core update notification, built-in tags support, faster javascript,…
Today we have two security-related releases available for both users of our main 2.2 branch and the legacy 2.0 branch. As these releases include only security and minor bugfixes they should not cause any plugin or theme compatibility issues, so you have no good excuse not to upgrade. On our Trac you can see the…
WordPress 2.2.1 is now available. 2.2.1 is a bug fix release for the 2.2 series. Since 2.2 was released a month ago, the WordPress community has been improving fit-and-finish by identifying and fixing those little bugs that can be so annoying and by fine-tuning some small details. The result is a nicely polished 2.2.1 release.…
On behalf of the entire WordPress team, I’m proud and excited to announce the immediate availability of version 2.2 “Getz” for download. This version includes a number of new features, most notably Widgets integration, and over two hundred bug fixes. It’s named in honor of tenor saxophonist Stan Getz. Goodies: WordPress Widgets allow you to…
We have a security update release now available for both the 2.1 and 2.0 branches of WordPress now available for immediate download. This update is highly recommend for all users of both branches. These releases include fixes for several publicly known minor XSS issues, one major XML-RPC issue, and a proactive full sweep of the…
Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately. Longer explanation: This morning we received a note to our security mailing address about unusual and highly exploitable…
We’ve got a new bugfix and security release for both of our actively maintained branches of WordPress. Version 2.1.1 includes about 30 bug fixes, mostly minor things around encoding, XML-RPC, the object cache, and HTML code. It’s available for immediate download on our download page. Version 2.0.9 only includes the security update, which was around…
On behalf of the WordPress.org community of commiters, contributers, and volunteers, I’m very proud to announce the immediate availability of WordPress 2.1 “Ella”, named for jazz vocalist Ella Fitzgerald. Here’s a sampling of what’s in the new version: Autosave makes sure you never lose a post again. Our new tabbed editor allows you to switch…
Recently a bug in certain versions of PHP came to our attention that could cause a security vulnerability in your blog. We’re able to work around it fairly easily, so we’ve decided to release 2.0.7 to fix the PHP security problem and the Feedburner issue that was in 2.0.6. It is recommended that everyone running…
We have a pretty important release available for everyone, it includes an important security fix and it’s recommended that everyone upgrade. This is the latest release in our stable 2.0 line, which we’ve committed to maintaining for several more years. Here’s what’s new: The aforementioned security fixes. HTML quicktags now work in Safari browsers. Comments…
It’s new release time. The latest in our venerable 2.0 series, which now counts over 1.2 million downloads, is available for download immediately, and we suggest everyone upgrade as this includes security fixes. We’re breaking the tradition of naming releases after jazz musicians to congratulate Ryan Boren on his new son (and first WP baby)…
The WordPress family has been really starting to grow lately. I wanted to let you guys know about two big releases: WordPress Multi-user 1.0 and bbPress 0.72. WordPress MU is an official branch of WordPress that is designed for managing and hosting thousands of blogs instead of just one. It’s the software that powers WordPress.com,…
WordPress 2.0.4, the latest stable release in our Duke series, is available for immediate download. This release contains several important security fixes, so it’s highly recommended for all users. We’ve also rolled in a number of bug fixes (over 50!), so it’s a pretty solid release across the board. Upgrading is fairly simple, just overwrite…
The latest in the stable 2.0 series, 2.0.3, is now available for download. This is a bug fix and security release, and is recommended for all WordPress users. In addition to an issue that was raised on Bugtraq a few days ago, we’ve also backported a number of security enhancements from 2.1 to further enhance…
On behalf of the WordPress community, I’m proud to announce a merger we’ve had on our minds since the first time we saw Dean Allen’s dog — WordPress and Textpattern are joining forces to create the greatest CMSMS ever, WordPattern. “WordPress and Textpattern: Two great tastes that taste great together.” As with any great union,…
An important security issue has been brought to the attention of the WordPress team and we have worked diligently to bring you a new stable release that addresses it. Our latest version 2.0.2 contains several bugfixes and security fixes. The problems addressed are unannounced XSS issues privately discovered and reported to the WordPress team. Thanks…
It’s been exactly one month since we released the well-received WordPress 2.0 release. In the past 4 weeks we’ve been listening closely to feedback, squashing bugs wherever we find them, and watching how 2.0 handled under different loads. We’ve rolled up all the most important fixes into a 2.0.1 release, which is now available for…
The WordPress community is very proud to present the next generation of WordPress to the world, our 2.0 “Duke” release, named in honor of jazz pianist and composer Duke Ellington. We’ve been working long and hard to bring you this release, and I hope you enjoy using it as much as we’e enjoyed working on…
The next release of WordPress is drawing near. Please help us shake out any last remaining bugs by downloading and testing the 2.0 Release Candidate. If all goes well, the Release Candidate will become 2.0 final. We’re almost there. Download, test, and head over to the Beta Forum to let us know if the Release…
We’re happy to announce that a new version of WordPress is now available for download. This set of improvements and security fixes is in line with our commitment to maintaining an extremely stable 1.5 series. In addition to fixing a number of bugs and adding requested enhancements for plugin authors, this release also addresses all…
We would like to announce that WordPress 1.5.1.3 is now released as we continue the availablity of a highly stable and extremely popular branch based on the 1.5 Strayhorn codebase. Development has moved on to some exciting new features for the next major release, but an important security issue was brought to our attention which…
Update: In our effort to optimize we made two mistakes in 1.5.1, one related to feeds and one related to trackbacks and pingbacks. We’ve updated the download with 1.5.1.1 which corrects these bugs and a few others. It seemed like a good time to brighten everyone’s Monday with a new release of everyone’s favorite blogging…
(This is my favorite part of what I do.) To the 12,126 of you who have already downloaded WordPress 1.5, congrats for being on the ball. We had a “soft launch” on Monday the 14th while we worked out some infrastructure issues and we’re now very ready to announce WordPress 1.5 to the world. This…
WordPress 1.2.2 is now officially available for download. This release fixes a few bugs and security issues and is recommended for all 1.2 users. There have only been minor changes since the last release, so if you’re upgrading from any 1.2 version you can follow the normal upgrade instructions. Here’s a few of the things…
I am relieved to announce that WordPress 1.2.1 is now available for download. This release addresses a few bugs and minor security issues with 1.2. We’ve also backported the new login system from 1.3 that is much friendlier and should address many of the problems people have had with logging in and cookies. Upgrading Upgrading…
I am very proud to announce the immediate availability of the much-anticipated 1.2 “Mingus” release of WordPress. You can download it through the usual methods, though it usually takes a few hours for the SourceForge mirrors to catch up with everything. There are so many new features it’s almost too much for this post, but…
A few issues came up with the last release candidate that made it important to test out the latest changes in a final beta release. Trust me, I’m as anxious as all of you to get my hands on a final 1.2 but this last bit of testing will help us ensure that the much-anticipated…
As I promised the other day, the first release candidate of WordPress 1.2 is available. It’s available from the usual place. We need a real page for beta releases, not just posts on the dev blog and apache indexed directories, I know. It’s on the list! As always, feedback in the beta forum is appreciated.
Peter Westwood has created a WordPress ebuild for the Gentoo Linux system, like I do. The ebuild currently has some weird dependencies, but that seems be due to some sort of web application framework they’re using. To install WordPress on Gentoo now simply type the following as root: emerge sync; emerge wordpress There is also…
I’m very happy to kick off the 1.2 beta cycle tonight. In many ways version 1.2 represents the largest step forward since the inception of WordPress. It’s been a bit over a month since the last version—1.0.2—was released, but the 1.2 branch has been under development since mid-January. Because of the heavy changes to the…
Thanks to those who wrote in about the https://wordpress.org/latest link going to the old release, that has been fixed now.
We realize that this development blog has been rather quiet lately, but the team has been working hard behind the scenes. As has been mentioned in the support forums, there came a point where we had pretty much gone beyond all of the version 1.1 milestones, so the next official release will be version 1.2.…
The latest WordPress 1.0.1 is now available. This is the fastest, most stable, and most secure WordPress ever.
The release candidate for version 1.0.1 is now available in the usual place. The 1.0.1 release fixes all known issues with 1.0, has several speed and efficiency improvements, more robust XFN support, improved importers all around, and a few other miscellaneous features. To upgrade from 1.0 simply overwrite your old files and run wp-admin/upgrade.php.
I am proud to announce that WordPress 1.0 is now available. As the version number indicates, this is a major step for us and a great deal of effort has gone into it. Search engine friendly permalinks You may now structure your permalinks in a manner that is not only more meaningful, semantic, and "cruft-free,"…
I am very happy to announce that 0.72 is now available. Here are some of the new features: An important security fix Tons of bug fixes Password protected posts Cursor-aware quicktags (like using a fancy text-editor) Improved API support: full or near full support for the Blogger, MetaWeblog, and MT APIs New template design from…
It’s available in the usual place, we need quick feedback on this. This release adds several new features and fixes an important security vulnerability. Unless any major bugs are found, this release will be identical to the final 0.72 release.
Beta 2 is now available. This contains numerous bugfixes, including one to the dreaded convert_char problem. Unless any outstanding bugs are found, this is going to be the official release version. So test it out well.
Please try it out and give us some feedback in the forums. Enjoy! Abbreviated upgrade instructions for the impatient: Upgrading from 0.71 Overwrite your old .71 files, backing up most likely your index.php and any other files you customized. Open up wp-config.sample.php and edit the database information. Then rename that file wp-config.php. Do a happy…
A new version of WordPress has been issued to fix a cross site scripting (XSS) vulnerability in post comments.
The 0.71 release of WordPress is now officially available.
This final beta fixes all known issues and then some. I’m running it on my own site and it’s great. Try it out and report any problems in the beta forums. Thanks!
We’re very close to our .71 release, so please try out the beta to help iron out any issues.
The first release of WordPress is now available.
There’s a new beta up, same bat channel. This has a much cleaner include scheme that should work on restrictive hosts and avoid a lot of the problems people were having. There are a ton of other fixes here as well, so check it out.
Beta testers are needed for the .7 release.