Blog

WordPress 4.3 “Billie”

Version 4.3 of WordPress, named “Billie” in honor of jazz singer Billie Holiday, is available for download or update in your WordPress dashboard. New features in 4.3 make it even easier to format your content and customize your site.


Menus in the Customizer

Create your menu, update it, and assign it, all while live-previewing in the customizer. The streamlined customizer design provides a mobile-friendly and accessible interface. With every release, it becomes easier and faster to make your site just the way you want it.


Formatting Shortcuts

Video Player

Your writing flow just got faster with new formatting shortcuts in WordPress 4.3. Use asterisks to create lists and number signs to make a heading. No more breaking your flow; your text looks great with a * and a #.


Site Icons

Site icons represent your site in browser tabs, bookmark menus, and on the home screen of mobile devices. Add your unique site icon in the customizer; it will even stay in place when you switch themes. Make your whole site reflect your brand.


Better Passwords

Keep your site more secure with WordPress’ improved approach to passwords. Instead of receiving passwords via email, you’ll get a password reset link. When you add new users to your site or edit a user profile, WordPress will automatically generate a secure password.


Other improvements

  • A smoother admin experience – Refinements to the list view across the admin make your WordPress more accessible and easier to work with on any device.
  • Comments turned off on pages – All new pages that you create will have comments turned off. Keep discussions to your blog, right where they’re supposed to happen.
  • Customize your site quickly – Wherever you are on the front-end, you can click the customize link in the toolbar to swiftly make changes to your site.

The Team

Konstantin ObenlandThis release was led by Konstantin Obenland, with the help of these fine individuals. There are 246 contributors with props in this release. Pull up some Billie Holiday on your music service of choice, and check out some of their profiles:

@mercime, Aaron D. Campbell, Aaron Jorbin, Adam Heckler, Adam Silverstein, Aki Bjorklund, Alex Kirk, Alex Mills (Viper007Bond), Alex Shiels, Alin Marcu, andfinally,Andrea Fercia, Andrea Gandino, Andrew Nacin, Andrew Ozz, Andy Fragen, Ankit K Gupta, Anthony Burchell, anubisthejackle, Aram Zucker-Scharff, Arjun S Kumar,avnarun, Bad Feather, Ben Cole, Ben Dunkle, BinaryKitten, Birgir Erlendsson (birgire),Bjorn Johansen, bolo1988, Boone B. Gorges, Brad Touesnard, Bram Duvigneau,Brandon Kraft, Brian Krogsgard, Brian Layman, Caleb Burks, CalEvans, Chase Wiseman, Chip Bennett, Chouby, Chris Olbekson, chriscct7, Clement Biron, Craig Ralston, Daniel Bachhuber, Daniel Jalkut (Red Sweater), Daniele Mte90 Scasciafratte,daniluk4000, Dave McHale, DaveAl, David A. Kennedy, David Herrera, daxelrod,Denis de Bernardy, Dennis Ploetner, Derek Herman, Dion Hulse, dipesh.kakadiya,dmsnell, Dominik Schilling, Drew Jaynes, Dzikri Aziz, eclev91, eligijus, Elio Rivero, Ella Iseulde Van Dorpe, Eric Andrew Lewis, Eric Binnion, Eric Mann, Fabien Quatravaux,Felix Arntz, francoeurdavid, Frank Klein, gabrielperezs, Garth Mortensen, Gary Jones,Gary Pendergast, George Stephanis, glennm, gtuk, hailin, hauvong, Helen Hou-Sandí,henrikakselsen, Hinaloe, Hrishikesh Vaipurkar, Hugo Baeta, Iain Poulson, imath,Ipstenu (Mika Epstein), isaacchapman, izem, J.D. Grimes, Jack Lenox, jadpm,jamesgol, jancbeck, Jeff Farthing, Jeremy Felt, Jeremy Pry, Jeremy Ward, Jesin A,jipmoors, Joe Dolson, Joe Hoyle, Joe McGill, Joey Kudish, John Blackbourn, John James Jacoby, John Leschinski, Joost de Valk, Jpyper, jrf, Julio Potier, Justin Sternberg, Kai,karinchristen, karpstrucking, Kelly Dwan, Kevin Koehler, kitchin, Kite, Konstantin Kovshenin, Lance Willett, Lee Willis, Leo Gopal, loushou, Lumaraf, Marin Atanasov,Mario Peshev, Marius (Clorith), Mark Jaquith, Marko Heijnen, marsjaninzmarsa,martinsachse, Matt Mullenweg, Matt van Andel, Matt Wiebe, mattyrob, maxxsnake,Mel Choyce, Michael, Michael Adams (mdawaffe), Michael Arestad,michaelryanmcneill, Mickey Kay, mihai, Mike Hansen, Mike Nelson, Mike Schroder,Milan Dinic, Morgan Estes, mrutz, nabil_kadimi, Naoko Takano, Nazmul Hossain Nihal, nicholas_io, Nick Halsey, Nick Momrik, Nikolay Bachiyski, Nilambar Sharma,Onni Hakala, Ozh, Paresh Radadiya, Pascal Birchler, Paul Gibbs, Paul Wilde,pavelevap, Pete Nelson, Peter Wilson, PeterRKnight, Philip Arthur Moore, Pippin Williamson, pragunbhutani, Rachel Baker, Rami Yushuvaev, rarylson, Rastislav Lamos, rauchg, Ravinder Kumar, RC Lations, Reuben Gunday, Rian Rietveld, Ritesh Patel, Robert Chapin, Robert Dall, Rodrigo Primo, Rommel Castro, Ross Wintle,Rouven Hurling, Ryan Boren, Ryan Marks, Ryan McCue, Ryan Neudorf, Ryan Welcher,Sagar Jadhav, Sal Ferrarello, Samir Shah, santagada, Scott Kingsley Clark, Scott Reilly,Scott Taylor, scribu, scruffian, Sean Hayes, Sebastian, Sergey Biryukov, Shawn Hooper, Sheri Bigelow, Simon Wheatley, Siobhan, Stanko Metodiev, Stephane Daury (stephdau), Stephen Edgar, Steve Grunwell, Steven Word, stuartshields, Sudar, Sunny Ratilal, taka2, tharsheblows, Thor Brink, Tim Smith, tlexcellent, tmatsuur, TobiasBg,Tomas Mackevicius, TomHarrigan, Toro_Unit (Hiroshi Urabe), Toru Miki, Tracy (LilJimmi) Levesque, Tryon Eggleston, Ty Carlson, Udit Desai, vivekbhusal, Weston Ruter, Will Norris, willgladstone, William Earnhardt, willstedt, WPMU DEV Jose, Yoav Farhi, Yuri Salame, Zach Wills, Zack Katz, and Zack Tollman.

 

Special thanks go to Siobhan McKeown for producing the release video, Hugo Baetafor the design, and Jack Lenox for the voice-over.

Finally, thanks to all of the contributors who provided subtitles for the release video, which at last count had been translated into 30 languages!

If you want to follow along or help out, check out Make WordPress and our core development blog. Thanks for choosing WordPress. See you soon for version 4.4!

Reposted from WordPress.org

WordPress 4.2.4 Security and Maintenance Release

WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.2.4 also fixes four bugs. For more information, see the release notes or consult the list of changes.

Download WordPress 4.2.4 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.4.

Already testing WordPress 4.3? The second release candidate is now available (zip) and it contains these fixes. For more on 4.3, see the RC 1 announcement post.

Reposted from WordPress.org

WordPress 4.2.3 Security and Maintenance Release

WordPress 4.2.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was initially reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team, and later reported by Jouko Pynnönen.

We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from Check Point Software Technologies.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information, see the release notes or consult the list of changes.

Download WordPress 4.2.3 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.3.

Thanks to everyone who contributed to 4.2.3:

Aaron Jorbin, Andrew Nacin, Andrew Ozz, Boone Gorges, Chris Christoff, Dion Hulse, Dominik Schilling, Ella Iseulde Van Dorpe, Gabriel Pérez, Gary Pendergast, Mike Adams, Robert Chapin, Nikolay Bachiyski, Ross Wintle, and Scott Taylor.

Reposted from WordPress.org

WordPress 4.2.2 Security and Maintenance Release

WordPress 4.2.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

Version 4.2.2 addresses two security issues:

  • The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins hosted on WordPress.org (including the Twenty Fifteen default theme) have been updated today by the WordPress security team to address this issue by removing this nonessential file. To help protect other Genericons usage, WordPress 4.2.2 proactively scans the wp-content directory for this HTML file and removes it. Reported by Robert Abela of Netsparker.
  • WordPress versions 4.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. WordPress 4.2.2 includes a comprehensive fix for this issue. Reported separately by Rice Adu and Tong Shi.

The release also includes hardening for a potential cross-site scripting vulnerability when using the visual editor. This issue was reported by Mahadev Subedi.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.2.2 also contains fixes for 13 bugs from 4.2. For more information, see the release notes or consult the list of changes.

Download WordPress 4.2.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.2.

Thanks to everyone who contributed to 4.2.2:

Aaron Jorbin, Andrew Ozz, Andrew Nacin, Boone Gorges, Dion Hulse, Ella Iseulde Van Dorpe, Gary Pendergast, Hinaloe, Jeremy Felt, John James Jacoby, Konstantin Kovshenin, Mike Adams, Nikolay Bachiyski, taka2, and willstedt.

Reposted from WordPress.org

WordPress 4.2.1 Security Release

WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen.

WordPress 4.2.1 has begun to roll out as an automatic background update, for sites that support those.

For more information, see the release notes or consult the list of changes.

Download WordPress 4.2.1 or venture over to Dashboard → Updates and simply click “Update Now”.

Reposted from WordPress.org


Wordpress

WordPress 4.3 “Billie”

New features in 4.3 make it even easier to format your content and customize your site.…

More in Wordpress

Security

Passwords and Passphrases, you’re most common security measure

The first and most common piece of security everyone is aware of and using is a password or hopefull…

More in Security
Bear