WordPress.org


WordPress 4.1 Release Candidate

Posted December 11, 2014 by John Blackbourn. Filed under Releases.

The release candidate for WordPress 4.1 is now available.

We’ve made a lot of refinements over the last few weeks. RC means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.1 on Tuesday, December 16, but we need your help to get there. If you haven’t tested 4.1 yet, now is the time! (Please though, not on your live site unless you’re adventurous.)

Think you’ve found a bug? Please post to the Alpha/Beta support forum. If any known issues come up, you’ll be able to find them here.

To test WordPress 4.1 RC1, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip). If you’d like to learn more about what’s new in WordPress 4.1, visit the About screen in your dashboard ( → About in the toolbar) or check out the beta announcement.

Developers, please test your plugins and themes against WordPress 4.1 and update your plugin’s Tested up to version in the readme to 4.1 before next week. If you find compatibility problems, we never want to break things, so please be sure to post to the support forums so we can figure those out before the final release.

Be sure to follow along the core development blog, where we’ll continue to post notes for developers for 4.1. (For example: if you’ve written a child theme for Twenty Fifteen, some of the new pagination functions have been renamed for clarity.)

Testing four point one
Why are we up at this hour?
Code is poetry

WordPress 4.0.1 Security Release

Posted November 20, 2014 by Andrew Nacin. Filed under Releases, Security.

WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

Sites that support automatic background updates will be updated to WordPress 4.0.1 within the next few hours. If you are still on WordPress 3.9.2, 3.8.4, or 3.7.4, you will be updated to 3.9.3, 3.8.5, or 3.7.5 to keep everything secure. (We don’t support older versions, so please update to 4.0.1 for the latest and greatest.)

WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Jouko Pynnonen. This issue does not affect version 4.0, but version 4.0.1 does address these eight security issues:

  • Three cross-site scripting issues that a contributor or author could use to compromise a site. Discovered by Jon Cave, Robert Chapin, and John Blackbourn of the WordPress security team.
  • A cross-site request forgery that could be used to trick a user into changing their password.
  • An issue that could lead to a denial of service when passwords are checked. Reported by Javier Nieto Arevalo and Andres Rojas Guerrero.
  • Additional protections for server-side request forgery attacks when WordPress makes HTTP requests. Reported by Ben Bidner (vortfu).
  • An extremely unlikely hash collision could allow a user’s account to be compromised, that also required that they haven’t logged in since 2008 (I wish I were kidding). Reported by David Anderson.
  • WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address. Reported separately by Momen Bassel, Tanoy Bose, and Bojan Slavković of ManageWP.

Version 4.0.1 also fixes 23 bugs with 4.0, and we’ve made two hardening changes, including better validation of EXIF data we are extracting from uploaded photos. Reported by Chris Andrè Dale.

We appreciated the responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.

Download WordPress 4.0.1 or venture over to Dashboard → Updates and simply click “Update Now”.

Already testing WordPress 4.1? The second beta is now available (zip) and it contains these security fixes. For more on 4.1, see the beta 1 announcement post.

WordPress 4.1 Beta 1

Posted November 14, 2014 by John Blackbourn. Filed under Development, Releases.

Welcome, everyone, to WordPress 4.1 Beta 1!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.1, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

WordPress 4.1 is due for release next month, so we need your help with testing. Here are some highlights of what to test:

  • Our beautiful new default theme, Twenty Fifteen. It’s a clean, mobile-first, blog-focused theme designed through simplicity.
  • A new distraction-free writing mode for the editor. It’s enabled by default for beta, and we’d love feedback on it.
  • The ability to automatically install new language packs right from the General Settings screen (available as long as your site’s filesystem is writable).
  • A new inline formatting toolbar for images embedded into posts.

There have been a lot of changes for developers to test as well:

If you want a more in-depth view of what changes have made it into 4.1, check out the weekly review posts on the main development blog.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed so far.

Happy testing!

Twenty Fifteen theme
The beautiful face which hides
Many improvements

WordPress 4.0 Release Candidate

Posted August 27, 2014 by Helen Hou-Sandi. Filed under Development, Releases.

The first release candidate for WordPress 4.0 is now available!

In RC 1, we’ve made refinements to what we’ve been working on for this release. Check out the Beta 1 announcement post for more details on those features. We hope to ship WordPress 4.0 next week, but we need your help to get there. If you haven’t tested 4.0 yet, there’s no time like the present. (Please, not on a production site, unless you’re adventurous.)

Think you’ve found a bug? Please post to the Alpha/Beta area in the support forums. If any known issues come up, you’ll be able to find them here.

To test WordPress 4.0 RC1, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip). If you’d like to learn more about what’s new in WordPress 4.0, visit the awesome About screen in your dashboard ( → About in the toolbar).

Developers, please test your plugins and themes against WordPress 4.0 and update your plugin’s Tested up to version in the readme to 4.0 before next week. If you find compatibility problems, please be sure to post any issues to the support forums so we can figure those out before the final release. You also may want to give your plugin an icon, which we launched last week and will appear in the dashboard along with banners.

It is almost time
For the 4.0 release
And its awesomeness

WordPress 4.0 Beta 4

Posted August 15, 2014 by Helen Hou-Sandi. Filed under Development, Releases.

The fourth and likely final beta for WordPress 4.0 is now available. We’ve made more than 250 changes in the past month, including:

  • Further improvements to the editor scrolling experience, especially when it comes to the second column of boxes.
  • Better handling of small screens in the media library modals.
  • A separate bulk selection mode for the media library grid view.
  • Improvements to the installation language selector.
  • Visual tweaks to plugin details and customizer panels.

We need your help. We’re still aiming for a release this month, which means the next week will be critical for identifying and squashing bugs. If you’re just joining us, please see the Beta 1 announcement post for what to look out for.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums, where friendly moderators are standing by. Plugin developers, if you haven’t tested WordPress 4.0 yet, now is the time — and be sure to update the “tested up to” version for your plugins so they’re listed as compatible with 4.0.

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.0, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

We are working hard
To finish up 4.0
Will you help us too?

WordPress 3.9.2 Security Release

Posted August 6, 2014 by Andrew Nacin. Filed under Releases, Security.

WordPress 3.9.2 is now available as a security release for all previous versions. We strongly encourage you to update your sites immediately.

This release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. It was fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. This is the first time our two projects have coordinated joint security releases.

WordPress 3.9.2 also contains other security changes:

  • Fixes a possible but unlikely code execution when processing widgets (WordPress is not affected by default), discovered by Alex Concha of the WordPress security team.
  • Prevents information disclosure via XML entity attacks in the external GetID3 library, reported by Ivan Novikov of ONSec.
  • Adds protections against brute attacks against CSRF tokens, reported by David Tomaschik of the Google Security Team.
  • Contains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.

We appreciated responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.

Download WordPress 3.9.2 or venture over to Dashboard → Updates and simply click “Update Now”.

Sites that support automatic background updates will be updated to WordPress 3.9.2 within 12 hours. (If you are still on WordPress 3.8.3 or 3.7.3, you will also be updated to 3.8.4 or 3.7.4. We don’t support older versions, so please update to 3.9.2 for the latest and greatest.)

Already testing WordPress 4.0? The third beta is now available (zip) and it contains these security fixes.

WordPress 4.0 Beta 2

Posted July 18, 2014 by Helen Hou-Sandi. Filed under Development, Releases.

WordPress 4.0 Beta 2 is now available for download and testing. This is software still in development, so we don’t recommend that you run it on a production site. To get the beta, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

For more of what’s new in version 4.0, check out the Beta 1 blog post. Some of the changes in Beta 2 include:

  • Further refinements for the plugin installation and media library experiences.
  • Updated TinyMCE, which now includes better indentation for lists and the restoration of the color picker.
  • Cookies are now tied to a session internally, so if you have trouble logging in, #20276 may be the culprit.
  • Various bug fixes (there were nearly 170 changes since last week).

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable writing a bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed.

WordPress 4.0 Beta 1

Posted July 10, 2014 by Helen Hou-Sandi. Filed under Development, Releases.

WordPress 4.0 Beta 1 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.0, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

4.0 is due out next month, but to get there, we need your help testing what we’ve been working on:

  • Previews of embedding via URLs in the visual editor and the “Insert from URL” tab in the media modal. Try pasting a URL (such as a WordPress.tv or YouTube video) onto its own line in the visual editor. (#28195, #15490)
  • The Media Library now has a “grid” view in addition to the existing list view. Clicking on an item takes you into a modal where you can see a larger preview and edit information about that attachment, and you can navigate between items right from the modal without closing it. (#24716)
  • We’re freshening up the plugin install experience. You’ll see some early visual changes as well as more information when searching for plugins and viewing details. (#28785, #27440)
  • Selecting a language when you run the installation process. (#28577)
  • The editor intelligently resizes and its top and bottom bars pin when needed. Browsers don’t like to agree on where to put things like cursors, so if you find a bug here, please also let us know your browser and operating system. (#28328)
  • We’ve made some improvements to how your keyboard and cursor interact with TinyMCE views such as the gallery preview. Much like the editor resizing and scrolling improvements, knowing about your setup is particularly important for bug reports here. (#28595)
  • Widgets in the Customizer are now loaded in a separate panel. (#27406)
  • We’ve also made some changes to some formatting functions, so if you see quotes curling in the wrong direction, please file a bug report.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed so far.

Developers: Never fear, we haven’t forgotten you. There’s plenty for you, too – more on that in upcoming posts. In the meantime, check out the API for panels in the Customizer.

Happy testing!

Plugins, editor
Media, things in between
Please help look for bugs

WordPress 3.9.1 Maintenance Release

Posted May 8, 2014 by Andrew Nacin. Filed under Releases.

After three weeks and more than 9 million downloads of WordPress 3.9, we’re pleased to announce that WordPress 3.9.1 is now available.

This maintenance release fixes 34 bugs in 3.9, including numerous fixes for multisite networks, customizing widgets while previewing themes, and the updated visual editor. We’ve also made some improvements to the new audio/video playlists feature and made some adjustments to improve performance. For a full list of changes, consult the list of tickets and the changelog.

If you are one of the millions already running WordPress 3.9, we’ve started rolling out automatic background updates for 3.9.1. For sites that support them, of course.

Download WordPress 3.9.1 or venture over to Dashboard → Updates and simply click “Update Now.”

Thanks to all of these fine individuals for contributing to 3.9.1: Aaron Jorbin, Andrew Nacin, Andrew Ozz, Brian Richards, Chris Blower, Corey McKrill, Daniel Bachhuber, Dominik Schilling, feedmeastraycat, Gregory Cornelius, Helen Hou-Sandi, imath, Janneke Van Dorpe, Jeremy Felt, John Blackbourn, Konstantin Obenland, Lance Willett, m_i_n, Marius Jensen, Mark Jaquith, Milan Dinić, Nick Halsey, pavelevap, Scott Taylor, Sergey Biryukov, and Weston Ruter.

WordPress 3.9 Release Candidate 2

Posted April 15, 2014 by Andrew Nacin. Filed under Development, Releases.

The second release candidate for WordPress 3.9 is now available for testing.

If you haven’t tested 3.9 yet, you’re running out of time! We made about five dozen changes since the first release candidate, and those changes are all helpfully summarized in our weekly post on the development blog. Probably the biggest fixes are to live widget previews and the new theme browser, along with some extra TinyMCE compatibility and some RTL fixes.

Plugin authors: Could you test your plugins against 3.9, and if they’re compatible, make sure they are marked as tested up to 3.9? It only takes a few minutes and this really helps make launch easier. Be sure to follow along the core development blog; we’ve been posting notes for developers for 3.9. (For example: HTML5, symlinks, MySQL, Plupload.)

To test WordPress 3.9 RC2, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip). If you’d like to learn more about what’s new in WordPress 3.9, visit the nearly complete About screen in your dashboard ( → About in the toolbar) and also check out the Beta 1 post.

This is for testing,
so not recommended for
production sites—yet.
