WordPress.org

WordPress 4.4.1 Security and Maintenance Release

Posted January 6, 2016 by Aaron Jorbin. Filed under Releases, Security.

WordPress 4.4.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.4 and earlier are affected by a cross-site scripting vulnerability that could allow a site to be compromised. This was reported by Crtc4L.

There were also several non-security bug fixes:

  • Emoji support has been updated to include all of the latest emoji characters, including the new diverse emoji! 👍🏿👌🏽👏🏼
  • Some sites with older versions of OpenSSL installed were unable to communicate with other services provided through some plugins.
  • If a post URL was ever re-used, the site could redirect to the wrong post.

WordPress 4.4.1 fixes 52 bugs from 4.4. For more information, see the release notes or consult the list of changes.

Download WordPress 4.4.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.4.1.

Thanks to everyone who contributed to 4.4.1:

Aaron D. Campbell, Aaron Jorbin, Andrea Fercia, Andrew Nacin, Andrew Ozz, Boone Gorges, Compute, Daniel Jalkut (Red Sweater), Danny van Kooten, Dion Hulse, Dominik Schilling (ocean90), Dossy Shiobara, Evan Herman, Gary Pendergast, gblsm, Hinaloe, Ignacio Cruz Moreno, jadpm, Jeff Pye Brook, Joe McGill, John Blackbourn, jpr, Konstantin Obenland, KrissieV, Marin Atanasov, Matthew Ell, Meitar, Pascal Birchler, Peter Wilson, Roger Chen, Ryan McCue, Sal Ferrarello, Scott Taylor, scottbrownconsulting, Sergey Biryukov, Shinichi Nishikawa, smerriman, Stephen Edgar, Stephen Harris, tharsheblows, voldemortensen, and webaware.

WordPress 4.4 “Clifford”

Posted December 8, 2015 by Matt Mullenweg. Filed under Releases.

Version 4.4 of WordPress, named “Clifford” in honor of jazz trumpeter Clifford Brown, is available for download or update in your WordPress dashboard. New features in 4.4 make your site more connected and responsive. Clifford also introduces a new default theme, Twenty Sixteen.


Introducing Twenty Sixteen

A screenshot of Twenty Sixteen set in an iPad frame

Our newest default theme, Twenty Sixteen, is a modern take on a classic blog design.

Twenty Sixteen was built to look great on any device. A fluid grid design, flexible header, fun color schemes, and more, will all make your content shine.


Responsive Images

An image of a laptop, iPad, Android phone, and iPhone containing the same image displayed at multiple sizes to demonstrate responsive image features.

WordPress now takes a smarter approach to displaying appropriate image sizes on any device, ensuring a perfect fit every time. You don’t need to do anything to your theme, it just works.


Embed Everything

Now you can embed your posts on other WordPress sites. Simply drop a post URL into the editor and see an instant embed preview, complete with the title, excerpt, and featured image if you’ve set one. We’ll even include your site icon and links for comments and sharing.

In addition to post embeds, WordPress 4.4 also adds support for five new oEmbed providers: Cloudup, Reddit Comments, ReverbNation, Speaker Deck, and VideoPress.


Under the Hood

The WordPress REST API logo

REST API infrastructure

Infrastructure for the REST API has been integrated into core, marking a new era in developing with WordPress. The REST API gives developers an easy way to build and extend RESTful APIs on top of WordPress.

Infrastructure is the first part of a multi-stage rollout for the REST API. Inclusion of core endpoints is targeted for an upcoming release. To get a sneak peek of the core endpoints, and for more information on extending the REST API, check out the official WordPress REST API plugin.

Term meta

Terms now support metadata, just like posts. See add_term_meta(), get_term_meta(), and update_term_meta() for more information.

Comment query improvements

Comment queries now have cache handling to improve performance. New arguments in WP_Comment_Query make crafting robust comment queries simpler.

Term, comment, and network objects

New WP_Term, WP_Comment, and WP_Network objects make interacting with terms, comments, and networks more predictable and intuitive in code.


The Team

Scott TaylorThis release was led by Scott Taylor, with the help of these fine individuals. There are 471 contributors with props in this release (by far the most ever!). Pull up some Clifford Brown on your music service of choice, and check out some of their profiles:

.., @mercime, _smartik_, A5hleyRich, Aaron D. Campbell, Aaron Jorbin, Aaron Rutley, Adam Harley (Kawauso), Adam Silverstein, adamholisky, Ahmad Awais, Aki Björklund, AlbertoCT, Alex Kirk, Alex Mills (Viper007Bond), Alex Shiels, Alexander Gounder, alireza1375, Amanda Giles, amereservant, Amy Hendrix (sabreuse), Andrea Fercia, Andrew Duthie, Andrew Nacin, Andrew Norcross, Andrew Ozz, Andy Fragen, Angelo Mandato, Ankit Gade, Ankit K Gupta, Anthony Burchell, ap.koponen, apokalyptik, atomicjack, Austin Ginder, Austin Matzko, Barry Ceelen, Barry Kooij, bcworkz, BdN3504, Bego Mario Garde, Ben May, Benjamin Pick, berengerzyla, Bernhard Riedl, bigdawggi, bilalcoder, BinaryKitten, Birgir Erlendsson (birgire), Bjørn Johansen, bobbingwide, bonger, Boone B. Gorges, Brad Touesnard, bradparbs, Brady Vercher, Brainstorm Force, Brandon Kraft, bravokeyl, brentvr, brettz95, Bruno Kos, Cam, Cami Kaos, carolinegeven, Casey Bisson, ch1902, Chandra M, Chandra Patel, Chase Wiseman, Chiara Dossena, Chip Bennett, Chirag Swadia, Chris Christoff, Chris Kindred, Chris Klosowski, chriscoyier, Chrisdc1, christianoliff, Christopher Finke, christophherr, cjhaas, codeelite, Coen Jacobs, Compute, Courtney Ivey, Craig Ralston, Curtiss Grymala, Cătălin Dogaru, Daisuke Takahashi, Dan Boulet, Daniel Bachhuber, Daniel Jalkut (Red Sweater), Daniel Koskinen, Daniel Ménard, Daniele Scasciafratte, daniellandau, daniloercoli, Danny de Haan, Danny van Kooten, Darren Ethier (nerrad), Daryl L. L. Houston (dllh), Datta Parad, Dave McHale, David A. Kennedy, David Anderson, David Binovec, David Herrera, David Shanske, DeBAAT, Denis de Bernardy, Dennis Ploetner, Derek Herman, Devin Price, Dezzy, Dion Hulse, Dipali Dhole, dipesh.kakadiya, Dominik Bruderer, Dominik Schilling, Dossy Shiobara, Dreb Bits, Drew Jaynes, dustinbolton, Dzikri Aziz, edirect24, Eduardo Reveles, Eduardo Zulian, Edward Caissie, Egill R. Erlendsson, egower, Ehsaan, ehtis, Ella Iseulde Van Dorpe, Ellie Strejlau, Elliott Stocks, elusiveunit, enshrined, Eric Andrew Lewis, Eric Binnion, Eric Daams, Eric Mann, ericjuden, Evan Herman, F4rkie, Felix Arntz, Firdaus Zahari, firebird75, fonglh, francoisb, Frank Klein, Frankie Jarrett, Fredrik Forsmo, Gaelan Lloyd, Gagan Deep Singh, Gary Cao, Gary Jones, Gary Pendergast, garza, Gaurav Pareek, Gautam Gupta, gblsm, geminorum, Gerhard Potgieter, geza.miklo, Gijs Jorissen, Giuseppe Mamone, Giustino Borzacchiello, gnaka08, gradyetc, Greg Rickaby, Gregory Karpinsky (@tivnet), Gustavo Bordoni, Gustavo Bordoni, gwinh.lopez, hakre, hauvong, Helen Hou-Sandí, Hinaloe, Hrishikesh Vaipurkar, Hugh Lashbrooke, Hugo Baeta, Iain Poulson, Ian Dunn, Ian Stewart, icetee, Ignacio Cruz Moreno, Ihor Vorotnov, imath, ippetkov, Ivan Kristianto, J.D. Grimes, J.Sugiyama, jadpm, jakub.tyrcha, James Huff, janhenckens, Japh, Jasper de Groot, jazbek, jcroucher, Jeff Farthing, Jeff Stieler, JeffMatson, Jeffrey de Wit, Jeffrey Schutzman, jeichorn, Jennifer M. Dodd, Jeremy Felt, Jeremy Pry, Jeroen Schmit, Jesin A, Jesper van Engelen, jim912, jliman, jmayhak, jnylen0, Jobst Schmalenbach, Joe Dolson, Joe Hoyle, Joe McGill, joehills, John Blackbourn, John James Jacoby, John P. Bloch, John Parris, Jon Cave, Jonathan Bardo, Jonathan Desrosiers, Jonny Harris, Joost de Valk, Jorge Bernal, Josh Betz, Josh Eaton, Josh Pollock, jpr, jrf, Juhi Saxena, Julio Potier, justdaiv, Justin Sainton, Justin Shreve, Justin Sternberg, Justin Tadlock, K.Adam White, Kailey (trepmal), KalenJohnson, karinedo, karpstrucking, Kelly Dwan, Kevin Behrens, Kevin Langley, kevinatelement, kitchin, Kite, Konstantin Kovshenin, Konstantin Obenland, KrissieV, Krzysiek Dróżdż, Kurt Payne, laceous, Lance Willett, Laurens Offereins, lcherpit, ldinclaux, Lee Willis, leemon, lessbloat, linuxologos, Lucas Karpiuk, lucatume, luciole135, Lucy Tomas, Luke Carbis, madalin.ungureanu, Mako, manolis09, Marcin Pietrzak, Marin Atanasov, Mario Peshev, Marius L. J. (Clorith), Mark Jaquith, Marko Heijnen, Markus Echterhoff, Mat Marquis, Matheus Martins, Matt Bagwell, Matt Cromwell, Matt Gibbs, Matt Martz, Matt Mullenweg, Matt van Andel, Matthew Boynes, Matthew Haines-Young, Matthias Pfefferle, maweder, mazurstas, mbrandys, mdmcginn, Mehul Kaklotar, Meitar, Mel Choyce, meloniq, micahmills, micahwave, Michael Adams (mdawaffe), Michael Arestad, Michael Cain, Mickey Kay, Mike Glendinning, Mike Hansen, Mike Jolley, Mike Jordan, Mike Schinkel, Mike Schroder, Milan Dinić, mismith227, misterunknown, mitcho (Michael Yoshitaka Erlewine), Monika, Morgan Estes, Morten Rand-Hendriksen, moto hachi ( mt8.biz ), Mr Papa, mrmist, mulvane, neoscrib, NExT-Season, Niall Kennedy, nicholas_io, Nick Ciske, Nick Halsey, NickDuncan, Nicolas Juen, nikeo, Nikhil Chavan, Niklas, Nikola Nikolov, Nikolay Bachiyski, Nilambar Sharma, OriginalEXE, Paresh Radadiya, Pascal Birchler, Pat O'Brien, Paul Bearne, Paul de Wouters, Paul Ryan, Paul Wilde, pavelevap, Payton Swick, Peter Wilson, Petter Walbø Johnsgård, Petya Raykovska, Philip Arthur Moore, PhilipLakin, Philipp Cordes, Piotr Delawski, Piotr Soluch, Pippin Williamson, Prasad Nevase, Prasath Nadarajah, Pratik, Rachel Baker, rajnikmit, Rakesh Lawaju (Racase Lawaju), ramay, Rami Yushuvaev, Raul Illana, renoirb, rhubbardreverb, Rhys Wynne, Rian Rietveld, Richard Tape, Robert Chapin, Rodrigo Primo, Roger Chen, Rommel Castro, RomSocial, Ron Rennick, Ronald Huereca, Russell Heimlich, Ruud Laan, Ryan Kienstra, Ryan Markel, Ryan McCue, Ryan Welcher, Safirul Alredha, Sal Ferrarello, salvoaranzulla, Sam Brodie, sam2kb, Samir Shah, Samuel Sidler, Samuel Wood (Otto), Sanket Parmar, Sara Rosso, sboisvert, Scott Arciszewski, Scott Grant, Scott Kingsley Clark, Scott Reilly, scottbrownconsulting, ScreenfeedFr, scribu, sdavis2702, Sean Hayes, Sebastian Pisula, Sergey Biryukov, serpent7776, several27, shimakyohsuke, Shinichi Nishikawa, side777, Simon Prosser, Simon Wheatley, Siobhan, sirzooro, sjmur, smerriman, Stanislav Khromov, Stanko Metodiev, stebbiv, Stefan Froehlich, Stephanie Leary, Stephen Edgar, Stephen Harris, Steve Grunwell, stevehenty, SteveHoneyNZ, Steven Word, Store Locator Plus, Sudar Muthu, Sumit Singh, summerblue, Sunny Ratilal, Takashi Irie, Takayuki Miyauchi, Tammie Lister, Tanner Moushey, tbcorr, Terry Chay, tharsheblows, theMikeD, Thomas Kräftner, thomaswm, Thorsten Frommen, Thorsten Ott, tigertech, Till Krüss, Tim Evko, tmatsuur, tmeister, TobiasBg, Tom Willmot, TomHarrigan, tommarshall, tomsommer, Toni Viemerö, Toro_Unit (Hiroshi Urabe), Tracy Levesque, Tran Ngoc Tuan Anh, Travis Smith, trenzterra, Tryon Eggleston, tszming, ty, Ty Carlson, Tyler Carter, Ulrich, Ulrich Sossou, Umesh Kumar, Umesh Nevase, Utkarsh, vilkatis, voldemortensen, Walter Ebert, walterbarcelos, webaware, WEN Solutions, WEN Themes, Weston Ruter, wmertens, Wojtek Szkutnik, WP Plugin Dev dot com, wp-architect, wpdev101, wpseek, wturrell, Yam Chhetri, Yoav Farhi, Zach Wills, Zack Rothauser, and Zack Tollman.

 

Special thanks go to Siobhan McKeown for producing the release video with Sara Rosso, and Cami Kaos for the voice-over.

Finally, thanks to all of the contributors who provided subtitles for the release video, which at last count had been translated into 23 languages!

If you want to follow along or help out, check out Make WordPress and our core development blog. Thanks for choosing WordPress. See you soon for version 4.5!

WordPress 4.4 Release Candidate

Posted November 25, 2015 by Scott Taylor. Filed under Development, Releases.

The release candidate for WordPress 4.4 is now available.

RC means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.4 on Tuesday, December 8, but we need your help to get there.

If you haven’t tested 4.4 yet, now is the time!

Think you’ve found a bug? Please post to the Alpha/Beta support forum. If any known issues come up, you’ll be able to find them here.

To test WordPress 4.4 RC1, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip).

For more information about what’s new in version 4.4, check out the Beta blog post.

Developers, please test your plugins and themes against WordPress 4.4 and update your plugin’s Tested up to version in the readme to 4.4 before next week. If you find compatibility problems, we never want to break things, so please be sure to post to the support forums so we can figure those out before the final release.

Be sure to follow along the core development blog, where we’ll continue to post notes for developers for 4.4.

Tickets are all closed
Help test the latest changes
New WordPress for All

WordPress 4.4 Beta 4

Posted November 12, 2015 by Scott Taylor. Filed under Development, Releases.

WordPress 4.4 Beta 4 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.4, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

For more information about what’s new in version 4.4, check out the Beta 1 blog post. This our final planned beta. Next week will be our first Release Candidate.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable writing a bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed.

Closer To The End
Tickets Are Being Shuffled
Onward to RC

WordPress 4.4 Beta 3

Posted November 4, 2015 by Scott Taylor. Filed under Development, Releases.

WordPress 4.4 Beta 3 is now available for download and testing. This is software still in development, so we don’t recommend that you run it on a production site. To get the beta, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

For more of what’s new in version 4.4, check out the Beta 1 blog post.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable writing a bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed.

Four-four beta three
Even more activity
Nary a shared term

WordPress 4.4 Beta 2

Posted October 28, 2015 by Scott Taylor. Filed under Development, Releases.

WordPress 4.4 Beta 2 is now available for download and testing. This is software still in development, so we don’t recommend that you run it on a production site. To get the beta, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

For more of what’s new in version 4.4, check out the Beta 1 blog post.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable writing a bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed.

Four-four beta two
Another week of progress
REST API lives!

WordPress 4.4 Beta 1

Posted October 22, 2015 by Scott Taylor. Filed under Development, Releases.

WordPress 4.4 Beta 1 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.4, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

WordPress 4.4 is slated for release on December 8, but to get there, we need your help testing what we have been working on, including:

  • Twenty Sixteen — The newest default theme for WordPress.
  • Responsive Images — WordPress automatically delivers a more appropriate image to users depending on a variety of conditions like screen size, viewport size, and screen resolution.
  • Embeds — WordPress can now embed rich content from nearly all sites that support the oEmbed standard — not just YouTube, Flickr, Twitter, and the like. You can even embed previews of posts from other WordPress sites by pasting the URL on its own line.

There have been a lot of changes for developers to play with as well:

  • REST API (phase 1) — The underlying infrastructure of the WordPress REST API plugin has been included in WordPress 4.4. Plugin authors can take advantage of this by adding custom endpoints.
  • Term Metadata — Taxonomy term metadata is now included in WordPress 4.4. If you’ve already been using a plugin to implement term metadata, you should read this post on how to prepare. Also, the underlying WP_Term class improves caching when working with terms. (#14162)
  • Improved <title> outputwp_title() is now deprecated; WordPress can handle the rendering of the document title automatically.
  • Comments — Comment queries are now split for performance. Also, the underlying WP_Comment class improves caching and introduces strong-typing. (#8071#32619)

If you want a more in-depth view of what major changes have made it into 4.4, check out all 4.4-tagged posts on the main development blog, or check out a list of everything that’s changed.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on the WordPress Trac. There, you can also find a list of known bugs.

Happy testing!

Many small changes
Some groundbreaking new features
Fun times had by all

WordPress 4.3.1 Security and Maintenance Release

Posted September 15, 2015 by Samuel Sidler. Filed under Releases, Security.

WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation.

  • WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point.
  • A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team.
  • Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check Point.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.3.1 also fixes twenty-six bugs. For more information, see the release notes or consult the list of changes.

Download WordPress 4.3.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.3.1.

Thanks to everyone who contributed to 4.3.1:

Adam Silverstein, Andrea FerciaAndrew Ozz, Boone Gorges, Brandon Kraft, chriscct7, Daisuke Takahashi, Dion Hulse, Dominik Schilling, Drew Jaynes, dustinbolton, Gary Pendergast, hauvong, James Huff, Jeremy Felt, jobst, Marin Atanasov, Nick Halsey, nikeo, Nikolay Bachiyski, Pascal Birchler, Paul Ryan, Peter Wilson, Robert Chapin, Samuel Wood, Scott Taylor, Sergey Biryukov, tmatsuur, Tracy Levesque, Umesh Nevase, vortfu, welcher, Weston Ruter

WordPress 4.3 “Billie”

Posted August 18, 2015 by Matt Mullenweg. Filed under Releases.

WordPress 4.3 - "Billie"

Version 4.3 of WordPress, named “Billie” in honor of jazz singer Billie Holiday, is available for download or update in your WordPress dashboard. New features in 4.3 make it even easier to format your content and customize your site.


Menus in the Customizer

Create your menu, update it, and assign it, all while live-previewing in the customizer. The streamlined customizer design provides a mobile-friendly and accessible interface. With every release, it becomes easier and faster to make your site just the way you want it.


Formatting Shortcuts


Your writing flow just got faster with new formatting shortcuts in WordPress 4.3. Use asterisks to create lists and number signs to make a heading. No more breaking your flow; your text looks great with a * and a #.


Site Icons


 
Site icons represent your site in browser tabs, bookmark menus, and on the home screen of mobile devices. Add your unique site icon in the customizer; it will even stay in place when you switch themes. Make your whole site reflect your brand.


Better Passwords


 
Keep your site more secure with WordPress’ improved approach to passwords. Instead of receiving passwords via email, you’ll get a password reset link. When you add new users to your site or edit a user profile, WordPress will automatically generate a secure password.


Other improvements

  • A smoother admin experience – Refinements to the list view across the admin make your WordPress more accessible and easier to work with on any device.
  • Comments turned off on pages – All new pages that you create will have comments turned off. Keep discussions to your blog, right where they’re supposed to happen.
  • Customize your site quickly – Wherever you are on the front-end, you can click the customize link in the toolbar to swiftly make changes to your site.

The Team

Konstantin ObenlandThis release was led by Konstantin Obenland, with the help of these fine individuals. There are 246 contributors with props in this release. Pull up some Billie Holiday on your music service of choice, and check out some of their profiles:

@mercime, Aaron D. Campbell, Aaron Jorbin, Adam Heckler, Adam Silverstein, Aki Björklund, Alex Kirk, Alex Mills (Viper007Bond), Alex Shiels, Alin Marcu, andfinally, Andrea Fercia, Andrea Gandino, Andrew Nacin, Andrew Ozz, Andy Fragen, Ankit K Gupta, Anthony Burchell, anubisthejackle, Aram Zucker-Scharff, Arjun S Kumar, avnarun, Bad Feather, Ben Cole, Ben Dunkle, BinaryKitten, Birgir Erlendsson (birgire), Bjørn Johansen, bolo1988, Boone B. Gorges, Brad Touesnard, Bram Duvigneau, Brandon Kraft, Brian Krogsgard, Brian Layman, Caleb Burks, CalEvans, Chase Wiseman, Chip Bennett, Chouby, Chris Christoff (chriscct7), Chris Olbekson, Craig Ralston, Daisuke Takahashi, Daniel Bachhuber, Daniel Jalkut (Red Sweater), Daniele Scasciafratte, daniluk4000, Dave McHale, DaveAl, David A. Kennedy, David Herrera, daxelrod, Denis de Bernardy, Dennis Ploetner, Derek Herman, DH-Shredder, Dion Hulse, dipesh.kakadiya, dmsnell, Dominik Schilling, Drew Jaynes, dustinbolton, Dzikri Aziz, eclev91, eligijus, Elio Rivero, Ella Iseulde Van Dorpe, Eric Andrew Lewis, Eric Binnion, Eric Mann, Fabien Quatravaux, Felix Arntz, francoeurdavid, Frank Klein, gabrielperezs, Garth Mortensen, Gary Jones, Gary Pendergast, George Stephanis, glennm, gtuk, hailin, hauvong, Helen Hou-Sandí, Henrik Akselsen, Hinaloe, Hrishikesh Vaipurkar, Hugo Baeta, Iain Poulson, imath, Ipstenu (Mika Epstein), isaacchapman, izem, J.D. Grimes, Jack Lenox, jadpm, James Golovich, James Huff, jancbeck, Jeff Farthing, Jeremy Felt, Jeremy Pry, Jeremy Ward, Jesin A, Jip Moors, jjberry, Jobst Schmalenbach, Joe Dolson, Joe Hoyle, Joe McGill, Joey Kudish, John Blackbourn, John James Jacoby, John Leschinski, Joost de Valk, Josh Davis, Jpyper, jrf, Julio Potier, Justin Sternberg, Kai Jacobsen, karinchristen, karpstrucking, Kelly Dwan, Kevin Koehler, kitchin, Kite, Konstantin Kovshenin, Lance Willett, Lee Willis, Leo Gopal, loushou, Lumaraf, Marin Atanasov, Mario Peshev, Marius L. J. (Clorith), Mark Jaquith, Marko Heijnen, marsjaninzmarsa, martinsachse, Matt Mullenweg, Matt van Andel, Matt Wiebe, mattyrob, Mel Choyce, Michael, Michael Adams (mdawaffe), Michael Arestad, michaelryanmcneill, Mickey Kay, mihai, Mike Hansen, Mike Nelson, Milan Dinić, Morgan Estes, mrutz, nabil_kadimi, Naoko Takano, Nazmul Hossain Nihal, nicholas_io, Nick Halsey, Nick Momrik, nikeo, Nikolay Bachiyski, Nilambar Sharma, Onni Hakala, Ozh, Paresh Radadiya, Pascal Birchler, Paul Gibbs, Paul Ryan, Paul Wilde, pavelevap, Pete Nelson, Peter Wilson, PeterRKnight, Philip Arthur Moore, Pippin Williamson, posykrat, pragunbhutani, Rachel Baker, Rami Yushuvaev, rarylson, Rastislav Lamos, rauchg, Ravinder Kumar, RC Lations, Reuben Gunday, Rian Rietveld, Ritesh Patel, Robert Chapin, Robert Dall, Rodrigo Primo, Rommel Castro, Ross Wintle, Rouven Hurling, Ryan Boren, Ryan Marks, Ryan McCue, Ryan Neudorf, Ryan Welcher, Sagar Jadhav, Sal Ferrarello, Samir Shah, santagada, Scott Kingsley Clark, Scott Reilly, Scott Taylor, scribu, scruffian, Sean Hayes, Sebastian, Sergey Biryukov, Shawn Hooper, Sheri Bigelow, Simon Wheatley, Siobhan, Stanko Metodiev, Stephane Daury (stephdau), Stephen Edgar, Steve Grunwell, Steven Word, stuartshields, Sudar Muthu, Sunny Ratilal, taka2, tharsheblows, Thor Brink, Tim Smith, tlexcellent, tmatsuur, TobiasBg, Tomas Mackevicius, TomHarrigan, Toro_Unit (Hiroshi Urabe), Toru Miki, Tracy Levesque, Tryon Eggleston, Ty Carlson, Udit Desai, Umesh Nevase, vivekbhusal, vortfu, Weston Ruter, Will Norris, willgladstone, William Earnhardt, willstedt, Yoav Farhi, Yuri Salame, Zach Wills, Zack Katz, and Zack Tollman.

 

Special thanks go to Siobhan McKeown for producing the release video, Hugo Baeta for the design, and Jack Lenox for the voice-over.

Finally, thanks to all of the contributors who provided subtitles for the release video, which at last count had been translated into 30 languages!

If you want to follow along or help out, check out Make WordPress and our core development blog. Thanks for choosing WordPress. See you soon for version 4.4!

WordPress 4.2.4 Security and Maintenance Release

Posted August 4, 2015 by Samuel Sidler. Filed under Releases, Security.

WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.2.4 also fixes four bugs. For more information, see the release notes or consult the list of changes.

Download WordPress 4.2.4 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.4.

Already testing WordPress 4.3? The second release candidate is now available (zip) and it contains these fixes. For more on 4.3, see the RC 1 announcement post.

« Newer PostsOlder Posts »

See Also:

For more WordPress news, check out the WordPress Planet.

There’s also a development P2 blog.

To see how active the project is check out our Trac timeline, it often has 20–30 updates per day.

Categories

%d bloggers like this: