Version 4.1 of WordPress, named “Dinah” in honor of jazz singer Dinah Washington, is available for download or update in your WordPress dashboard. New features in WordPress 4.1 help you focus on your writing, and the new default theme lets you show it off in style.

---

Introducing Twenty Fifteen

Our newest default theme, Twenty Fifteen, is a blog-focused theme designed for clarity.

Twenty Fifteen has flawless language support, with help from Google’s Noto font family.

The straightforward typography is readable on any screen size.

Your content always takes center stage, whether viewed on a phone, tablet, laptop, or desktop computer.

---

Distraction-free writing

Just write.

Sometimes, you just need to concentrate on putting your thoughts into words. Try turning on distraction-free writing mode. When you start typing, all the distractions will fade away, letting you focus solely on your writing. All your editing tools instantly return when you need them.

---

The Finer Points

Choose a language

Right now, WordPress 4.1 is already translated into over forty languages, with more always in progress. You can switch to any translation on the General Settings screen.

Log out everywhere

If you’ve ever worried you forgot to sign out from a shared computer, you can now go to your profile and log out everywhere.

Vine embeds

Embedding videos from Vine is as simple as pasting a URL onto its own line in a post. See the full list of supported embeds.

Plugin recommendations

The plugin installer suggests plugins for you to try. Recommendations are based on the plugins you and other users have installed.

---

Under the Hood

Complex Queries

Metadata, date, and term queries now support advanced conditional logic, like nested clauses and multiple operators — A AND ( B OR C ).

Customizer API

The customizer now supports conditionally showing panels and sections based on the page being previewed.

<title> tags in themes

add_theme_support( 'title-tag' ) tells WordPress to handle the complexities of document titles.

Developer Reference

Continued improvements to inline code documentation have made the developer reference more complete than ever.

---

The Choir

This release was led by John Blackbourn, with the help of these awesome folks. Check out some of their profiles while listening to Dinah Washington on the music service of your choice:

Aaron D. Campbell, Aaron Jorbin, Adam Silverstein, akumria, Alex Concha, Alex Mills (Viper007Bond), Alex Shiels, Allan Collins, Amaury Balmer, Amruta Bhosale, Andrea Fercia, Andrea Gandino, Andrew Munro (sumobi), Andrew Nacin, Andrew Ozz,Andrew Ryno, Andrey “Rarst” Savchenko, Ankit Gade, Ankit K Gupta, antpb,arippberger, Austin Matzko, Bainternet, Barry Kooij, Ben Dunkle, Ben May, Bernhard Riedl, Birgir Erlendsson (birgire), bobbingwide, Boone B. Gorges, Brady Vercher,Bram Duvigneau, Brandon Kraft, Brian DiChiara, Brian Richards, Brian Watson,Camden Segal, Captain Theme, Carlos Zuniga, Caspie, ccprice, Charles Fulton,ChriCo, Chris Aprea, Chris Jean, Chris Marslender, Chris Reynolds, chriscct7, chrisl27,Christian Foellmann, Christopher Finke, Corey Snow, Corphi, curtjen, Damon Cook,Dan Cameron, Daniel Bachhuber, Daniel Convissor, Darren Ethier (nerrad), Daryl Koopersmith, Dave McHale, David A. Kennedy, David Herrera, David Laietta, David Wood, DavidTheMachine, dcavins, Dennis Ploetner, Dion Hulse, Dirk Weise, Dominik Schilling, Dominik Schwind, Drew Jaynes, Dustin Filippini, DustinHartzler, Elio Rivero,Eric Binnion, Eric Holmes, Eric Lewis, Fabien Quatravaux, florianziegler, Gabe Shackle, Gary Cao, Gary Pendergast, Gennady Kovshenin, George Olaru, George Stephanis, Greg Rickaby, Gregory Cornelius, Gregory Karpinsky (@tivnet), Gustavo Bordoni, hardy101, hauvong, Helen Hou-Sandí, heshiming, honeysilvas,hugodelgado, Ian Stewart, ianmjones, Ignacio Cruz Moreno, imath, Ipstenu (Mika Epstein), Ivan Kristianto, J.D. Grimes, jaimieolmstead, jakub.tyrcha, janhenckens,Janneke Van Dorpe, Japh, Jared Wenerd, jarednova, jeanyoungkim, Jeff Farthing, Jeff Stieler, Jeremy Felt, Jeremy Herve, Jesin A, Jesper Johansen (jayjdk), Jesper van Engelen, Jesse Pollak, jipmoors, Joe Dolson, Joe McGill, John Eckman, johnrom,johnstonphilip, Jon Brown, Jon Cave, Jonathan Brinley, Jonathan Desrosiers, Joost de Valk, Jordi Cabot, Joshua Abenazer, JOTAKI Taisuke, jrf, julien731, Justin Sainton,Justin Sternberg, K.Adam White, Kailey (trepmal), Kaito, kamelkev, karpstrucking,keesiemeijer, Kelly Dwan, Kevin Langley, Kiko Doran, Kim Parsell, Kirk Wight, kitchin,Knut Sparhell, Konstantin Kovshenin, Konstantin Obenland, Kostas Vrouvas, kraftner,kristastevens, Kurt Payne, Lance Willett, Laurens Offereins, linuxologos, Liuiza Arunas, loushou, Lutz Schroer, Manoz69, mantismamita, marco, Mario Peshev,Marius (Clorith), Mark Hudnall, Mark Jaquith, Mark Senff, Marko Heijnen,marsjaninzmarsa, Matias Ventura, Matt Mullenweg, Matt Wiebe, Matthew Boynes,Matthew Haines-Young, mattkeys, Maura Teal, Mel Choyce, Mert Yazicioglu, Michael Adams (mdawaffe), Michael Arestad, Michael Beckwith, Michael Cain, Michael Pick,michalzuber, Michelle Langston, Miguel Fonseca, Mike Hansen, Mike Jolley, Mike Nelson, Mike Schroder, Mikey Arce, Mitch Canter (studionashvegas), Morgan Estes,Morten Rand-Hendriksen, mvd7793, Nashwan Doaqan, Niall Kennedy, Nick Halsey,Nikhil Vimal (NikV), Nikola Nikolov, nobleclem, noplanman, Nowell VanHoesen,OriginalEXE, p_enrique, Paul, Paul de Wouters, Paul Schreiber, Paul Wilde, pavelevap,Peter Chester, Peter J. Herrel, Peter Westwood, Peter Wilson, Philip Arthur Moore,phpmypython, Pippin Williamson, Prasath Nadarajah, psycleuk, Ptah Dunbar,quietnic, Rachel Baker, Rami Yushuvaev, ramiabraham, Reuben Gunday, Rian Rietveld, Richard Archambault, Ricky Lee Whittemore, Robert Chapin, Rodrigo Primo,Ryan Boren, Ryan Kienstra, Ryan McCue, Sakin Shrestha, Sam Hotchkiss, Samuel Wood (Otto), Scott Kingsley Clark, Scott Reilly, Scott Taylor, Sergey Biryukov, Shawn Hooper, Simon Pollard, Simon Wheatley, skaeser, Slobodan Manic, socki03,solarissmoke, Stephane Daury, Stephen Edgar, Stephen Harris, Steve Grunwell,Sumit Singh, TacoVerdo, Takashi Irie, Takayuki Miyauchi, Tammie, Tareq Hasan,Taylor Lovett, Thorsten Frommen, Till Kruss, Tobias Schutter, TobiasBg, Toby McKes,Tom J Nowell, Tomas Mackevicius, TomHarrigan, Topher, Torsten Landsiedel, Tracy Levesque, transom, Travis Smith, Ty Carlson, Udit Desai, Umesh Kumar, Vinod Dalvi,vlajos, voldemortensen, Weston Ruter, Yoav Farhi, Yuta Sekine, Zack Rothauser, andZack Tollman.

There were 283 contributors to this release, again a new high.

If you want to help out or follow along, check out Make WordPress and our core development blog.

Thanks for choosing WordPress. Happy holidays and see you next year for version 4.2!

Reposted from WordPress.org

WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

Sites that support automatic background updates will be updated to WordPress 4.0.1 within the next few hours. If you are still on WordPress 3.9.2, 3.8.4, or 3.7.4, you will be updated to 3.9.3, 3.8.5, or 3.7.5 to keep everything secure. (We don’t support older versions, so please update to 4.0.1 for the latest and greatest.)

WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Jouko Pynnonen. This issue does not affect version 4.0, but version 4.0.1 does address these eight security issues:

• Three cross-site scripting issues that a contributor or author could use to compromise a site. Discovered by Jon Cave, Robert Chapin, and John Blackbournof the WordPress security team.
• A cross-site request forgery that could be used to trick a user into changing their password.
• An issue that could lead to a denial of service when passwords are checked. Reported by Javier Nieto Arevalo and Andres Rojas Guerrero.
• Additional protections for server-side request forgery attacks when WordPress makes HTTP requests. Reported by Ben Bidner (vortfu).
• An extremely unlikely hash collision could allow a user’s account to be compromised, that also required that they haven’t logged in since 2008 (I wish I were kidding). Reported by David Anderson.
• WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address. Reported separately by Momen Bassel, Tanoy Bose, and Bojan Slavković of ManageWP.

Version 4.0.1 also fixes 23 bugs with 4.0, and we’ve made two hardening changes, including better validation of EXIF data we are extracting from uploaded photos. Reported by Chris Andrè Dale.

We appreciated the responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.

Download WordPress 4.0.1 or venture over to Dashboard → Updates and simply click “Update Now”.

Reposted from WordPress.org

Version 4.0 of WordPress, named “Benny” in honor of jazz clarinetist and bandleaderBenny Goodman, is available for download or update in your WordPress dashboard. While 4.0 is just another number for us after 3.9 and before 4.1, we feel we’ve put a little extra polish into it. This release brings you a smoother writing and management experience we think you’ll enjoy.

---

Manage your media with style

Explore your uploads in a beautiful, endless grid. A new details preview makes viewing and editing any amount of media in sequence a snap.

---

Working with embeds has never been easier

Paste in a YouTube URL on a new line, and watch it magically become an embedded video. Now try it with a tweet. Oh yeah — embedding has become a visual experience. The editor shows a true preview of your embedded content, saving you time and giving you confidence.

We’ve expanded the services supported by default, too — you can embed videos from CollegeHumor, playlists from YouTube, and talks from TED. Check out all of the embeds that WordPress supports.

---

Focus on your content

Writing and editing is smoother and more immersive with an editor that expands to fit your content as you write, and keeps the formatting tools available at all times.

---

Finding the right plugin

There are more than 30,000 free and open source plugins in the WordPress plugin directory. WordPress 4.0 makes it easier to find the right one for your needs, with new metrics, improved search, and a more visual browsing experience.

---

The Ensemble

This release was led by Helen Hou-Sandí, with the help of these fine individuals. There are 275 contributors with props in this release, a new high. Pull up some Benny Goodman on your music service of choice, as a bandleader or in one of his turns as a classical clarinetist, and check out some of their profiles:

_Redd, Aaron D. Campbell, Aaron Jorbin, Adam Silverstein, Alex Mills (Viper007Bond),Alex Shiels, Alexander Rohmann, Alison Barrett, Allan Collins, Amit Gupta, Amy Hendrix (sabreuse), Andrea Fercia, Andres Villarreal, Andrew Mowe, Andrew Nacin,Andrew Ozz, Andy Skelton, Ankit K Gupta, Anton Timmermans, arnee, Aubrey Portwood, Austin Matzko, Ben Dunkle, Bernhard Kau, Boone Gorges, Brady Vercher,bramd, Brandon Kraft, Brian Krogsgard, Brian Layman, Brian Richards, Camden Segal, Carbis, Caroline Moore, Charles Fulton, Chouby, ChriCo, Chris Olbekson,chrisl27, Christian Axelsson, Christopher Finke, Christopher Spires, Clifton Griffin,codenameEli, Corey McKrill, Corphi, Daisuke Takahashi, Dan Griffiths, Daniel Bachhuber, Daniel Husken, Daniel Jalkut (Red Sweater), Danny de Haan, Darin Kotter,Daryl Koopersmith, Daryl L. L. Houston (dllh), David A. Kennedy, David Herrera,David Naber, DavidTheMachine, DeBAAT, Dion Hulse, Dominik Schilling, Donncha O Caoimh, Drew Jaynes, dustyn, Eddie Moya, Eduardo Reveles, Edwin Siebel, ehg,Enrique Chavez, erayalakese, Eric Andrew Lewis, Eric Binnion, Eric Mann, Evan Anderson, Evan Herman, Fabien Quatravaux, Fahmi Adib, feedmeastraycat, Frank Klein, garhdez, Gary Cao, Gary Jones, Gary Pendergast, garza, gauravmittal1995,Gavrisimo, George Stephanis, Graham Armfield, Grant Mangham, Gregory Cornelius,Gustavo Bordoni, harrym, hebbet, Hinnerk Altenburg, Hugh Lashbrooke, iljoja,imath, Ipstenu (Mika Epstein), issuu, J.D. Grimes, Jack Lenox, Jack Reichert, Jacob Dubail, JanHenkG, Janneke Van Dorpe, Jaza613, Jeff Stieler, Jeremy Felt, Jeremy Pry,Jeroen Schmit, Jerry Bates (jerrysarcastic), Jesin A, Jesper Johansen (jayjdk), Jesper van Engelen, Jesper van Engelen, Jesse Pollak, jgadbois, Joan Artes, Joe Dolson, Joe Hoyle,Joey Kudish, John Blackbourn, John James Jacoby, John Zanussi, Jon Cave, jonnyauk,Joost de Valk, Jordi Cabot, Josh Eaton, JOTAKI Taisuke, Julio Potier, Justin Sainton,Justin Sternberg, Justin Tadlock, jwenerd, K.Adam White, Kailey (trepmal), Kaito,kapeels, Kelly Dwan, Kevin Langley, Kevin Worthington, Kim Parsell, Kirk Wight,kitchin, Knut Sparhell, Konstantin Kovshenin, Konstantin Obenland, Kurt Payne,Lance Willett, Lee Willis, lessbloat, Lew Ayotte, lritter, Luke Gedeon, m_i_n, Manny Fleurmond, Manuel Schmalstieg, Marius Jensen (Clorith), Mark Jaquith, Marko Heijnen, Matt Banks, Matt Martz, Matt Mullenweg, Matt Wiebe, Matthew Boynes,Matthew Denton, Matthew Eppelsheimer, Matthew Haines-Young, mattyrob,meekyhwang, Mel Choyce, mi_cat, Michael Adams (mdawaffe), michalzuber, Mike Auteri, Mike Hansen, Mike Little, Mike Manger, Mike Schroder, mikejolley, mikeyarce,Milan Dinic, mnelson4, Morgan Estes, Mr Papa, mrmist, Mustafa Uysal, MuViMoTV,nabil_kadimi, Namibia, Nashwan Doaqan, nd987, Neil Pie, Niall Kennedy, Nick Halsey, Nikolay Bachiyski, Nils Schonwald, Ninos, Nowell VanHoesen, Patrick Hesselberg, Paul Bearne, Paul Clark, Paul Wilde, paulschreiber, pavelevap, Peter Westwood, Philip Arthur Moore, Philip John, Piet, Piotr Soluch, Pippin Williamson,purzlbaum, Rachel Baker, RC Lations, Richard Tape, Ricky Lee Whittemore, rob1n,Robert Chapin, Robert Dall, RobertHarm, Rohan Rawat, Rouven Hurling, Ruud Laan,Ryan Boren, Ryan McCue, Sam Brodie, Samuel Wood (Otto), sathishn, Scott Reilly,Scott Taylor, ScreenfeedFr, scribu, Sean Hayes, Sean Nessworthy, Sergej Muller,Sergey Biryukov, shanebp, Shaun Andrews, Simon Wheatley, simonp303, Slobodan Manic, solarissmoke, sphoid, Stephane Daury, Stephen Edgar, Steven Jones,strangerstudios, Sumit Singh, sumobi, t4k1s, Takashi Irie, Taylor Dewey, Thomas van der Beek, Till Kruss, TobiasBg, Tom J Nowell, Tom Willmot, Topher, torresga, Tracy Levesque, Travis Smith, treyhunner, Umesh Kumar, Vinod Dalvi, vlajos,voldemortensen, Weston Ruter, winterDev, Wojtek Szkutnik, Yoav Farhi, Zack Katz,Zack Tollman, and Zoe Rooney. Also thanks to Michael Pick for producing the release video, and Helen with Adrián Sandí for the music.

If you want to follow along or help out, check out Make WordPress and our core development blog. Thanks for choosing WordPress. See you soon for version 4.1!

Reposted from WordPress.org

WordPress 3.9.2 is now available as a security release for all previous versions. We strongly encourage you to update your sites immediately.

This release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. It  was fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. This is the first time our two projects have coordinated joint security releases.

WordPress 3.9.2 also contains other security changes:

• Fixes a possible but unlikely code execution when processing widgets (WordPress is not affected by default), discovered by Alex Concha of the WordPress security team.
• Prevents information disclosure via XML entity attacks in the external GetID3 library, reported by Ivan Novikov of ONSec.
• Adds protections against brute attacks against CSRF tokens, reported by David Tomaschik of the Google Security Team.
• Contains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.

We appreciated responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.

Download WordPress 3.9.2 or venture over to Dashboard → Updates and simply click “Update Now”.

Sites that support automatic background updates will be updated to WordPress 3.9.2 within 12 hours. (If you are still on WordPress 3.8.3 or 3.7.3, you will also be updated to 3.8.4 or 3.7.4. We don’t support older versions, so please update to 3.9.2 for the latest and greatest.)

Reposted from WordPress.org

After three weeks and more than 9 million downloads of WordPress 3.9, we’re pleased to announce that WordPress 3.9.1 is now available.

This maintenance release fixes 34 bugs in 3.9, including numerous fixes for multisite networks, customizing widgets while previewing themes, and the updated visual editor. We’ve also made some improvements to the new audio/video playlists feature and made some adjustments to improve performance. For a full list of changes, consult the list of tickets and the changelog.

If you are one of the millions already running WordPress 3.9, we’ve started rolling out automatic background updates for 3.9.1. For sites that support them, of course.

Download WordPress 3.9.1 or venture over to Dashboard → Updates and simply click “Update Now.”

Thanks to all of these fine individuals for contributing to 3.9.1: Aaron Jorbin, Andrew Nacin, Andrew Ozz, Brian Richards, Chris Blower, Corey McKrill, Daniel Bachhuber,Dominik Schilling, feedmeastraycat, Gregory Cornelius, Helen Hou-Sandi, imath,Janneke Van Dorpe, Jeremy Felt, John Blackbourn, Konstantin Obenland, Lance Willett, m_i_n, Marius Jensen, Mark Jaquith, Milan Dinić, Nick Halsey, pavelevap, Scott Taylor, Sergey Biryukov, and Weston Ruter.

Reposted from WordPress.org