Blog | 7th Circle Designs

WordPress 4.9.5 Security and Maintenance Release

WordPress 4.9.5 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

WordPress versions 4.9.4 and earlier are affected by three security issues. As part of the core team’s ongoing commitment to security hardening, the following fixes have been implemented in 4.9.5:

Don’t treat localhost as same host by default.
Use safe redirects when redirecting the login page if SSL is forced.
Make sure the version string is correctly escaped for use in generator tags.

Thank you to the reporters of these issues for practicing coordinated security disclosure: xknown of the WordPress Security Team, Nitin Venkatesh (nitstorm), and Garth Mortensen of the WordPress Security Team.

Twenty-five other bugs were fixed in WordPress 4.9.5. Particularly of note were:

The previous styles on caption shortcodes have been restored.
Cropping on touch screen devices is now supported.
A variety of strings such as error messages have been updated for better clarity.
The position of an attachment placeholder during uploads has been fixed.
Custom nonce functionality in the REST API JavaScript client has been made consistent throughout the code base.
Improved compatibility with PHP 7.2.

Download WordPress 4.9.5 or venture over to Dashboard → Updates and click “Update Now.” Sites that support automatic background updates are already beginning to update automatically.

Subscribe to get new posts in your mailbox.

WordPress 4.9.4 Maintenance Release

This maintenance release fixes a severe bug in 4.9.3, which will cause sites that support automatic background updates to fail to update automatically, and will require action from you (or your host) for it to be updated to 4.9.4.

Four years ago with WordPress 3.7, we added the ability for WordPress to self-update, keeping your website secure and bug-free, even when you weren’t available to do it yourself. For four years it’s helped keep millions of installs updated with very few issues over that time. Unfortunately yesterdays 4.9.3 release contained a severe bug which was only discovered after release. The bug will cause WordPress to encounter an error when it attempts to update itself to WordPress 4.9.4, and will require an update to be performed through the WordPress dashboard or hosts update tools.

WordPress managed hosting companies who install updates automatically for their customers can install the update as normal, and we’ll be working with other hosts to ensure that as many customers of theirs who can be automatically updated to WordPress 4.9.4 can be.

For more technical details of the issue, we’ve posted on our Core Development blog. For a full list of changes, consult the list of tickets.

Download WordPress 4.9.4 or visit Dashboard → Updates and click “Update Now.”

Subscribe to get new posts in your mailbox.

WordPress 4.9.3 Maintenance Release

WordPress 4.9.3 is now available.

This maintenance release fixes 34 bugs in 4.9, including fixes for Customizer changesets, widgets, visual editor, and PHP 7.2 compatibility. For a full list of changes, consult the list of tickets and the changelog.

Download WordPress 4.9.3 or visit Dashboard → Updates and click “Update Now.” Sites that support automatic background updates are already beginning to update automatically.

Subscribe to get new posts in your mailbox.

WordPress 4.9.2 Security and Maintenance Release

WordPress 4.9.2 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.

MediaElement has released a new version that contains a fix for the bug, and a WordPress plugin containing the fixed files is available in the plugin repository.

Thank you to the reporters of this issue for practicing responsible security disclosure: Enguerran Gillier and Widiz.

21 other bugs were fixed in WordPress 4.9.2. Particularly of note were:

JavaScript errors that prevented saving posts in Firefox have been fixed.
The previous taxonomy-agnostic behavior of get_category_link() and category_description() was restored.
Switching themes will now attempt to restore previous widget assignments, even when there are no sidebars to map.

The Codex has more information about all of the issues fixed in 4.9.2, if you’d like to learn more.

Download WordPress 4.9.2 or venture over to Dashboard ? Updates and click “Update Now.” Sites that support automatic background updates are already beginning to update automatically.

Subscribe to get new posts in your mailbox.

WordPress 4.9.1 Security and Maintenance Release

WordPress 4.9.1 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team’s ongoing commitment to security hardening, the following fixes have been implemented in 4.9.1:

Use a properly generated hash for the newbloguser key instead of a determinate substring.
Add escaping to the language attributes used on html elements.
Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.

Thank you to the reporters of these issues for practicing responsible security disclosure: Rahul Pratap Singh and John Blackbourn.

Eleven other bugs were fixed in WordPress 4.9.1. Particularly of note were:

Issues relating to the caching of theme template files.
A MediaElement JavaScript error preventing users of certain languages from being able to upload media files.
The inability to edit theme and plugin files on Windows based servers.

Download WordPress 4.9.1 or venture over to Dashboard → Updates and click “Update Now.” Sites that support automatic background updates are already beginning to update automatically.

Subscribe to get new posts in your mailbox.

WordPress 4.9 “Tipton”

Major Customizer Improvements, Code Error Checking, and More! ??

Version 4.9 of WordPress, named “Tipton” in honor of jazz musician and band leader Billy Tipton, is available for download or update in your WordPress dashboard. New features in 4.9 will smooth your design workflow and keep you safe from coding errors.

Featuring design drafts, scheduling, and locking, along with preview links, the Customizer workflow improves collaboration for content creators. What’s more, code syntax highlighting and error checking will make for a clean and smooth site building experience. Finally, if all that wasn’t pretty great, we’ve got an awesome new Gallery widget and improvements to theme browsing and switching.

Customizer Workflow Improved

Draft and Schedule Site Design Customizations

Yes, you read that right. Just like you can draft and revise posts and schedule them to go live on the date and time you choose, you can now tinker with your site’s design and schedule those design changes to go live as you please.

Collaborate with Design Preview Links

Need to get some feedback on proposed site design changes? WordPress 4.9 gives you a preview link you can send to colleagues and customers so that you can collect and integrate feedback before you schedule the changes to go live. Can we say collaboration++?

Design Locking Guards Your Changes

Ever encounter a scenario where two designers walk into a project and designer A overrides designer B’s beautiful changes? WordPress 4.9’s design lock feature (similar to post locking) secures your draft design so that no one can make changes to it or erase all your hard work.

A Prompt to Protect Your Work

Were you lured away from your desk before you saved your new draft design? Fear not, when you return, WordPress 4.9 will politely ask whether or not you’d like to save your unsaved changes.

Coding Enhancements

Syntax Highlighting and Error Checking? Yes, Please!

You’ve got a display problem but can’t quite figure out exactly what went wrong in the CSS you lovingly wrote. With syntax highlighting and error checking for CSS editing and the Custom HTML widget introduced in WordPress 4.8.1, you’ll pinpoint coding errors quickly. Practically guaranteed to help you scan code more easily, and suss out & fix code errors quickly.

Sandbox for Safety

The dreaded white screen. You’ll avoid it when working on themes and plugin code because WordPress 4.9 will warn you about saving an error. You’ll sleep better at night.

Warning: Potential Danger Ahead!

When you edit themes and plugins directly, WordPress 4.9 will politely warn you that this is a dangerous practice and will recommend that you draft and test changes before updating your file. Take the safe route: You’ll thank you. Your team and customers will thank you.

Even More Widget Updates

The New Gallery Widget

An incremental improvement to the media changes hatched in WordPress 4.8, you can now add a gallery via this new widget. Yes!

Press a Button, Add Media

Want to add media to your text widget? Embed images, video, and audio directly into the widget along with your text, with our simple but useful Add Media button. Woo!

Site Building Improvements

More Reliable Theme Switching

When you switch themes, widgets sometimes think they can just move location. Improvements in WordPress 4.9 offer more persistent menu and widget placement when you decide it’s time for a new theme.

Find and Preview the Perfect Theme

Looking for a new theme for your site? Now, from within the Customizer, you can search, browse, and preview over 2600 themes before deploying changes to your site. What’s more, you can speed your search with filters for subject, features, and layout.

Better Menu Instructions = Less Confusion

Were you confused by the steps to create a new menu? Perhaps no longer! We’ve ironed out the UX for a smoother menu creation process. Newly updated copy will guide you.

Lend a Hand with Gutenberg ??

WordPress is working on a new way to create and control your content and we’d love to have your help. Interested in being an early tester or getting involved with the Gutenberg project? Contribute on GitHub.

(PS: this post was written in Gutenberg!)

Developer Happiness ??

Customizer JS API Improvements

We’ve made numerous improvements to the Customizer JS API in WordPress 4.9, eliminating many pain points. (Hello, default parameters for constructs! Goodbye repeated ID for constructs!) There are also new base control templates, a date/time control, and section/panel/global notifications to name a few. Check out the full list.

CodeMirror available for use in your themes and plugins

We’ve introduced a new code editing library, CodeMirror, for use within core. CodeMirror allows for syntax highlighting, error checking, and validation when creating code writing or editing experiences within your plugins, like CSS or JavaScript include fields.

MediaElement.js upgraded to 4.2.6

WordPress 4.9 includes an upgraded version of MediaElement.js, which removes dependencies on jQuery, improves accessibility, modernizes the UI, and fixes many bugs.

Roles and Capabilities Improvements

New capabilities have been introduced that allow granular management of plugins and translation files. In addition, the site switching process in multisite has been fine-tuned to update the available roles and capabilities in a more reliable and coherent way.

Reposted from WordPress.org

Subscribe to get new posts in your mailbox.

WordPress 4.8.3 Security Release

WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Anthony Ferrara.

This release includes a change in behaviour for the esc_sql() function. Most developers will not be affected by this change, you can read more details in the developer note.

Thank you to the reporter of this issue for practicing responsible disclosure.

Download WordPress 4.8.3 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.8.3.

Subscribe to get new posts in your mailbox.

WordPress 4.8.2 Security and Maintenance Release

WordPress 4.8.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.8.1 and earlier are affected by these security issues:

$wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Slavco
A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team.
A cross-site scripting (XSS) vulnerability was discovered in the visual editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security.
A path traversal vulnerability was discovered in the file unzipping code. Reported by Alex Chapman (noxrnet).
A cross-site scripting (XSS) vulnerability was discovered in the plugin editor. Reported by 陈瑞琦 (Chen Ruiqi).
An open redirect was discovered on the user and term edit screens. Reported by Yasin Soliman (ysx).
A path traversal vulnerability was discovered in the customizer. Reported by Weston Ruter of the WordPress Security Team.
A cross-site scripting (XSS) vulnerability was discovered in template names. Reported by Luka (sikic).
A cross-site scripting (XSS) vulnerability was discovered in the link modal. Reported by Anas Roubi (qasuar).

Thank you to the reporters of these issues for practicing responsible disclosure.

In addition to the security issues above, WordPress 4.8.2 contains 6 maintenance fixes to the 4.8 release series. For more information, see the release notes or consult the list of changes.

Download WordPress 4.8.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.8.2.

Thanks to everyone who contributed to 4.8.2.

Subscribe to get new posts in your mailbox.

WordPress 4.8.1 Maintenance Release

After over 13 million downloads of WordPress 4.8, we are pleased to announce the immediate availability of WordPress 4.8.1, a maintenance release.

This release contains 29 maintenance fixes and enhancements, chief among them are fixes to the rich Text widget and the introduction of the Custom HTML widget. For a full list of changes, consult the release notes, the tickets closed, and the list of changes.

Download WordPress 4.8.1 or visit Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.8.1.

Subscribe to get new posts in your mailbox.

WordPress 4.8 “Evans”

An Update with You in Mind

Gear up for a more intuitive WordPress!

Version 4.8 of WordPress, named “Evans” in honor of jazz pianist and composer William John “Bill” Evans, is available for download or update in your WordPress dashboard. New features in 4.8 add more ways for you to express yourself and represent your brand.

Though some updates seem minor, they’ve been built by hundreds of contributors with you in mind. Get ready for new features you’ll welcome like an old friend: link improvements, three new media widgets covering images, audio, and video, an updated text widget that supports visual editing, and an upgraded news section in your dashboard which brings in nearby and upcoming WordPress events.

Exciting Widget Updates

Image Widget

Adding an image to a widget is now a simple task that is achievable for any WordPress user without needing to know code. Simply insert your image right within the widget settings. Try adding something like a headshot or a photo of your latest weekend adventure — and see it appear automatically.

Video Widget

A welcome video is a great way to humanize the branding of your website. You can now add any video from the Media Library to a sidebar on your site with the new Video widget. Use this to showcase a welcome video to introduce visitors to your site or promote your latest and greatest content.

Audio Widget

Are you a podcaster, musician, or avid blogger? Adding a widget with your audio file has never been easier. Upload your audio file to the Media Library, go to the widget settings, select your file, and you’re ready for listeners. This would be a easy way to add a more personal welcome message, too!

Rich Text Widget

This feature deserves a parade down the center of town! Rich-text editing capabilities are now native for Text widgets. Add a widget anywhere and format away. Create lists, add emphasis, and quickly and easily insert links. Have fun with your newfound formatting powers, and watch what you can accomplish in a short amount of time.

Link Boundaries

Have you ever tried updating a link, or the text around a link, and found you can’t seem to edit it correctly? When you edit the text after the link, your new text also ends up linked. Or you edit the text in the link, but your text ends up outside of it. This can be frustrating! With link boundaries, a great new feature, the process is streamlined and your links will work well. You’ll be happier. We promise.

Nearby WordPress Events

Did you know that WordPress has a thriving offline community with groups meeting regularly in more than 400 cities around the world? WordPress now draws your attention to the events that help you continue improving your WordPress skills, meet friends, and, of course, publish!

This is quickly becoming one of our favorite features. While you are in the dashboard (because you’re running updates and writing posts, right?) all upcoming WordCamps and official WordPress Meetups — local to you — will be displayed.

Being part of the community can help you improve your WordPress skills and network with people you wouldn’t otherwise meet. Now you can easily find your local events just by logging in to your dashboard and looking at the new Events and News dashboard widget.

Even More Developer Happiness ??

More Accessible Admin Panel Headings

New CSS rules mean extraneous content (like “Add New” links) no longer need to be included in admin-area headings. These panel headings improve the experience for people using assistive technologies.

Removal of Core Support for WMV and WMA Files

As fewer and fewer browsers support Silverlight, file formats which require the presence of the Silverlight plugin are being removed from core support. Files will still display as a download link, but will no longer be embedded automatically.

Multisite Updates

New capabilities have been introduced to 4.8 with an eye towards removing calls to
is_super_admin(). Additionally, new hooks and tweaks to more granularly control site and user counts per network have been added.

Text-Editor JavaScript API

With the addition of TinyMCE to the text widget in 4.8 comes a new JavaScript API for instantiating the editor after page load. This can be used to add an editor instance to any text area, and customize it with buttons and functions. Great for plugin authors!

Media Widgets API

The introduction of a new base media widget REST API schema to 4.8 opens up possibilities for even more media widgets (like galleries or playlists) in the future. The three new media widgets are powered by a shared base class that covers most of the interactions with the media modal. That class also makes it easier to create new media widgets and paves the way for more to come.

Customizer Width Variable

Rejoice! New responsive breakpoints have been added to the customizer sidebar to make it wider on high-resolution screens. Customizer controls should use percentage-based widths instead of pixels.

Reposted from WordPress.org

Subscribe to get new posts in your mailbox.

WordPress 4.7.5 Security and Maintenance Release

WordPress 4.7.5 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.7.4 and earlier are affected by six security issues:

Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing.
Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas.
Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team.
A Cross Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster.
A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing.
A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team.

Thank you to the reporters of these issues for practicing responsible disclosure.

In addition to the security issues above, WordPress 4.7.5 contains 3 maintenance fixes to the 4.7 release series. For more information, see the release notes or consult the list of changes.

Download WordPress 4.7.5 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.5.

Subscribe to get new posts in your mailbox.

WordPress 4.7.4 Maintenance Release

After almost sixty million downloads of WordPress 4.7, we are pleased to announce the immediate availability of WordPress 4.7.4, a maintenance release.

This release contains 47 maintenance fixes and enhancements, chief among them an incompatibility between the upcoming Chrome version and the visual editor, inconsistencies in media handling, and further improvements to the REST API. For a full list of changes, consult the release notes and the list of changes.

Download WordPress 4.7.4 or visit Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.4.

Subscribe to get new posts in your mailbox.

WordPress 4.7.3 Security and Maintenance Release

WordPress 4.7.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.7.2 and earlier are affected by six security issues:

Cross-site scripting (XSS) via media file metadata. Reported by Chris Andrè Dale, Yorick Koster, and Simon P. Briggs.
Control characters can trick redirect URL validation. Reported by Daniel Chatfield.
Unintended files can be deleted by administrators using the plugin deletion functionality. Reported by TrigInc and xuliang.
Cross-site scripting (XSS) via video URL in YouTube embeds. Reported by Marc Montpas.
Cross-site scripting (XSS) via taxonomy term names. Reported by Delta.
Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources. Reported by Sipke Mellema.

Thank you to the reporters for practicing responsible disclosure.

In addition to the security issues above, WordPress 4.7.3 contains 39 maintenance fixes to the 4.7 release series. For more information, see the release notes or consult the list of changes.

Download WordPress 4.7.3 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.3.

Subscribe to get new posts in your mailbox.

WordPress 4.7.2 Security Release

WordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.7.1 and earlier are affected by three security issues:

The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive.
WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo).
A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team.
An unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint. Reported by Marc-Alexandre Montpas of Sucuri Security. *

Thank you to the reporters of these issues for practicing responsible disclosure.

Download WordPress 4.7.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.2.

Thanks to everyone who contributed to 4.7.2.

* Update: An additional serious vulnerability was fixed in this release and public disclosure was delayed. For more information on this vulnerability, additional mitigation steps taken, and an explanation for why disclosure was delayed, please read Disclosure of Additional Security Fix in WordPress 4.7.2.

Subscribe to get new posts in your mailbox.

WordPress 4.7.1 Security and Maintenance Release

This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.7 and earlier are affected by eight security issues:

Remote code execution (RCE) in PHPMailer – No specific issue appears to affect WordPress or any of the major plugins we investigated but, out of an abundance of caution, we updated PHPMailer in this release. This issue was fixed in PHPMailer thanks to Dawid Golunski and Paul Buonopane.
The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API. Reported by Krogsgard and Chris Jean.
Cross-site scripting (XSS) via the plugin name or version header on update-core.php. Reported by Dominik Schilling of the WordPress Security Team.
Cross-site request forgery (CSRF) bypass via uploading a Flash file. Reported by Abdullah Hussam.
Cross-site scripting (XSS) via theme name fallback. Reported by Mehmet Ince.
Post via email checks mail.example.com if default settings aren’t changed. Reported by John Blackbourn of the WordPress Security Team.
A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing. Reported by Ronnie Skansing.
Weak cryptographic security for multisite activation key. Reported by Jack.

Thank you to the reporters for practicing responsible disclosure.

In addition to the security issues above, WordPress 4.7.1 fixes 62 bugs from 4.7. For more information, see the release notes or consult the list of changes.

Download WordPress 4.7.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.1.

Subscribe to get new posts in your mailbox.

WordPress 4.7 “Vaughan”

Version 4.7 of WordPress, named “Vaughan” in honor of legendary jazz vocalist Sarah “Sassy” Vaughan, is available for download or update in your WordPress dashboard. New features in 4.7 help you get your site set up the way you want it.

Presenting Twenty Seventeen

A brand new default theme brings your site to life with immersive featured images and video headers.

WordPress 4.7 “Vaughan”

Twenty Seventeen focuses on business sites and features a customizable front page with multiple sections. Personalize it with widgets, navigation, social menus, a logo, custom colors, and more. Our default theme for 2017 works great in many languages, on any device, and for a wide range of users.

Your Site, Your Way

WordPress 4.7 adds new features to the customizer to help take you through the initial setup of a theme, with non-destructive live previews of all your changes in one uninterrupted workflow.

Theme Starter Content

Video Player

00:00

00:20

To help give you a solid base to build from, individual themes can provide starter content that appears when you go to customize your brand new site. This can range from placing a business information widget in the best location to providing a sample menu with social icon links to a static front page complete with beautiful images. Don’t worry – nothing new will appear on the live site until you’re ready to save and publish your initial theme setup.

Edit Shortcuts

Video Player

00:00

00:07

Visible icons appear to show you which parts of your site can be customized while live previewing. Click on a shortcut and get straight to editing. Paired with starter content, getting started with customizing your site is faster than ever.

Video Headers

Video Player

00:00

00:10

Sometimes a big atmospheric video as a moving header image is just what you need to showcase your wares; go ahead and try it out with Twenty Seventeen. Need some video inspiration? Try searching for sites with video headers available for download and use.

Smoother Menu Building

Many menus for sites contain links to the pages of your site, but what happens when you don’t have any pages yet? Now you can add new pages while building menus instead of leaving the customizer and abandoning your changes. Once you’ve published your customizations, you’ll have new pages ready for you to fill with content.

Custom CSS

WordPress 4.7 “Vaughan”

Sometimes you just need a few visual tweaks to make your site perfect. WordPress 4.7 allows you to add custom CSS and instantly see how your changes affect your site. The live preview allows you to work quickly without page refreshes slowing you down.

PDF Thumbnail Previews

WordPress 4.7 “Vaughan”

Managing your document collection is easier with WordPress 4.7. Uploading PDFs will generate thumbnail images so you can more easily distinguish between all your documents.

Dashboard in your language

WordPress 4.7 “Vaughan”

Just because your site is in one language doesn’t mean that everybody helping manage it prefers that language for their admin. Add more languages to your site and a user language option will show up in your user’s profiles.

Introducing REST API Content Endpoints

WordPress 4.7 comes with REST API endpoints for posts, comments, terms, users, meta, and settings.

Content endpoints provide machine-readable external access to your WordPress site with a clear, standards-driven interface, paving the way for new and innovative methods of interacting with sites through plugins, themes, apps, and beyond. Ready to get started with development? Check out the REST API reference.

Even More Developer Happiness

Post Type Templates

By opening up the page template functionality to all post types, theme developers have even more flexibility with the WordPress template hierarchy.

More Theme API Goodies

WordPress 4.7 includes new functions, hooks, and behavior for theme developers.

Custom Bulk Actions

List tables, now with more than bulk edit and delete.

`WP_Hook`

The code that lies beneath actions and filters has been overhauled and modernized, fixing bugs along the way.

Settings Registration API

register_setting() has been enhanced to include type, description, and REST API visibility.

Customize Changesets

Customize changesets make changes in the customizer persistent, like autosave drafts. They also make exciting new features like starter content possible.

Reposted from WordPress.org

Subscribe to get new posts in your mailbox.

WordPress 4.6.1 Security and Maintenance Release

WordPress 4.6.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.6 and earlier are affected by two security issues: a cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team.

Thank you to the reporters for practicing responsible disclosure.

In addition to the security issues above, WordPress 4.6.1 fixes 15 bugs from 4.6. For more information, see the release notes or consult the list of changes.

Download WordPress 4.6.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.6.1.

Subscribe to get new posts in your mailbox.

WordPress 4.6 “Pepper”

Version 4.6 of WordPress, named “Pepper” in honor of jazz baritone saxophonist Park Frederick “Pepper” Adams III, is available for download or update in your WordPress dashboard. New features in 4.6 help you to focus on the important things while feeling more at home.

Streamlined Updates

WordPress 4.6 “Pepper”

Don’t lose your place: stay on the same page while you update, install, and delete your plugins and themes.

Native Fonts

WordPress 4.6 “Pepper”

The WordPress dashboard now takes advantage of the fonts you already have, making it load faster and letting you feel more at home on whatever device you use.

Editor Improvements

Inline Link Checker

WordPress 4.6 “Pepper”

Ever accidentally made a link to Now WordPress automatically checks to make sure you didn’t.

Content Recovery

WordPress 4.6 “Pepper”

As you type, WordPress saves your content to the browser. Recovering saved content is even easier with WordPress 4.6.

Under The Hood

Resource Hints

Resource hints help browsers decide which resources to fetch and preprocess. WordPress 4.6 adds them automatically for your styles and scripts making your site even faster.

Robust Requests

The HTTP API now leverages the Requests library, improving HTTP standard support and adding case-insensitive headers, parallel HTTP requests, and support for Internationalized Domain Names.

`WP_Term_Query` and `WP_Post_Type`

A new WP_Term_Query class adds flexibility to query term information while a new WP_Post_Type object makes interacting with post types more predictable.

Meta Registration API

The Meta Registration API has been expanded to support types, descriptions, and REST API visibility.

Translations On Demand

WordPress will install and use the newest language packs for your plugins and themes as soon as they’re available from WordPress.org’s community of translators.

JavaScript Library Updates

Masonry 3.3.2, imagesLoaded 3.2.0, MediaElement.js 2.22.0, TinyMCE 4.4.1, and Backbone.js 1.3.3 are bundled.

Customizer APIs for Setting Validation and Notifications

Settings now have an API for enforcing validation constraints. Likewise, customizer controls now support notifications, which are used to display validation errors instead of failing silently.

Multisite, now faster than ever

Cached and comprehensive site queries improve your network admin experience. The addition of WP_Site_Query and WP_Network_Query help craft advanced queries with less effort.

Reposted from WordPress.org

Subscribe to get new posts in your mailbox.

WordPress 4.5.3 Maintenance and Security Release

WordPress 4.5.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.5.2 and earlier are affected by several security issues: redirect bypass in the customizer, reported by Yassine Aboukir; two different XSS problems via attachment names, reported by Jouko Pynnönen and Divyesh Prajapati; revision history information disclosure, reported independently by John Blackbourn from the WordPress security team and by Dan Moen from the Wordfence Research Team; oEmbed denial of service reported by Jennifer Dodd from Automattic; unauthorized category removal from a post, reported by David Herrera from Alley Interactive; password change via stolen cookie, reported by Michael Adams from the WordPress security team; and some less secure sanitize_file_name edge cases reported by Peter Westwood of the WordPress security team.

Thank you to the reporters for practicing responsible disclosure.

In addition to the security issues above, WordPress 4.5.3 fixes 17 bugs from 4.5, 4.5.1 and 4.5.2. For more information, see the release notes or consult the list of changes.

Download WordPress 4.5.3 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.5.3.

Subscribe to get new posts in your mailbox.

WordPress 4.5.2 Security Release

WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues.

Both issues were analyzed and reported by Mario Heiderich, Masato Kinugawa, and Filedescriptor from Cure53. Thanks to the team for practicing responsible disclosure, and to the Plupload and MediaElement.js teams for working closely with us to coordinate and fix these issues.

Download WordPress 4.5.2 or venture over to Dashboard ? Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.5.2.

Subscribe to get new posts in your mailbox.

WordPress 4.5.1 Maintenance Release

After about six million downloads of WordPress 4.5, we are pleased to announce the immediate availability of WordPress 4.5.1, a maintenance release.

We strongly encourage you to update your sites immediately.

This release fixes 12 bugs, chief among them a singular class issue that broke sites based on the Twenty Eleven theme, an incompatibility between certain Chrome versions and the visual editor, and an Imagick bug that could break media uploads. This maintenance release fixes a total of 12 bugs in Version 4.5. For more information, see the release notes or consult the list of changes.

Subscribe to get new posts in your mailbox.

WordPress 4.5 “Coleman”

Version 4.5 of WordPress, named “Coleman” in honor of jazz saxophonist Coleman Hawkins, is available for download or update in your WordPress dashboard. New features in 4.5 help streamline your workflow, whether you’re writing or building your site.

Editing Improvements

illustration-short-inlinelinks

Inline Linking

Stay focused on your writing with a less distracting interface that keeps you in place and allows you to easily link to your content.

editing-shortcuts-big

Formatting Shortcuts

Do you enjoy using formatting shortcuts for lists and headings? Now they’re even more useful, with horizontal lines and <code>.

Customization Improvements

illustration-short-responsive-preview

Live Responsive Previews

Make sure your site looks great on all screens! Preview mobile, tablet, and desktop views directly in the customizer.

WordPress 4.5 “Coleman”

Custom Logos

Themes can now support logos for your business or brand. Try it out with Twenty Sixteen and Twenty Fifteen in the Site Identity section of the customizer.

Under the Hood

Smart Image Resizing

Generated images now load up to 50% faster with no noticeable quality loss. It’s really cool.

Selective Refresh

The customizer now supports a comprehensive framework for rendering parts of the preview without rewriting your PHP code in JavaScript.

Script Loader Improvements

Better support has been added for script header/footer dependencies. New wp_add_inline_script() enables adding extra code to registered scripts.

Better Embed Templates

Embed templates have been split into parts and can be directly overridden by themes via the template hierarchy.

JavaScript Library Updates

jQuery 1.12.3, jQuery Migrate 1.4.0, Backbone 1.2.3, and Underscore 1.8.3 are bundled.

Reposted from WordPress.org

Subscribe to get new posts in your mailbox.

WordPress 4.4.2 Security and Maintenance Release

WordPress 4.4.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.4.1 and earlier are affected by a cross-site scripting vulnerability that could allow a site to be compromised.

For more details about what was fixed check out the details.

Subscribe to get new posts in your mailbox.

WordPress 4.4.1 Security and Maintenance Release

WordPress 4.4.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.4 and earlier are affected by a cross-site scripting vulnerability that could allow a site to be compromised.

For more details about what was fixed check out the details.

Subscribe to get new posts in your mailbox.

Graph Paper Press

Graph Paper Press is a small team of web designers and developers based in Brooklyn, NY who build graphically minimal WordPress themes for photographers, artists and entrepreneurs. Their content-rich designs allow you to create a blog, build a portfolio and sell your photography or artwork online in one place! They offer a variety of free WordPress themes and premium WordPress themes that cater specifically to the needs of creatives. Getting started is easy:

Register an account with Graph Paper Press.
Browse and find a theme you love!
Download it and follow the installation instructions!

Effortless Customization

Graph Paper Press has dozens of WordPress themes and plugins that are both easy to use and customize. Their themes allow you to change fonts, colors, backgrounds, headers, menus, insert logos and create slideshows so that your site is exactly what you want it to be.

E-Commerce Ready

Graph Paper Press also makes a free plugin called Sell Media that allows you to sell photos, prints and other media directly through your WordPress site. Coupled with its many extensions, Sell Media becomes an easy platform through which you can track sales, calculate commissions, protect your work and connect with your customers. It’s a sure-fire way to create and manage a photography business through WordPress. Install Sell Media and voila! You’re running a business!

Final Words…

Sometimes things just don’t work out, and that’s okay. Graph Paper Press offers a 30-day, money-back guarantee on all of their products.

Use this coupon code and save 25%

SAVE25TODAY

Get Started Now

WordPress 4.3 “Billie”

Version 4.3 of WordPress, named “Billie” in honor of jazz singer Billie Holiday, is available for download or update in your WordPress dashboard. New features in 4.3 make it even easier to format your content and customize your site.

Menus in the Customizer

Create your menu, update it, and assign it, all while live-previewing in the customizer. The streamlined customizer design provides a mobile-friendly and accessible interface. With every release, it becomes easier and faster to make your site just the way you want it.

Formatting Shortcuts

Video Player

Your writing flow just got faster with new formatting shortcuts in WordPress 4.3. Use asterisks to create lists and number signs to make a heading. No more breaking your flow; your text looks great with a * and a #.

Site Icons

Site icons represent your site in browser tabs, bookmark menus, and on the home screen of mobile devices. Add your unique site icon in the customizer; it will even stay in place when you switch themes. Make your whole site reflect your brand.

Better Passwords

Keep your site more secure with WordPress’ improved approach to passwords. Instead of receiving passwords via email, you’ll get a password reset link. When you add new users to your site or edit a user profile, WordPress will automatically generate a secure password.

Other improvements

A smoother admin experience – Refinements to the list view across the admin make your WordPress more accessible and easier to work with on any device.
Comments turned off on pages – All new pages that you create will have comments turned off. Keep discussions to your blog, right where they’re supposed to happen.
Customize your site quickly – Wherever you are on the front-end, you can click the customize link in the toolbar to swiftly make changes to your site.

The Team

Special thanks go to Siobhan McKeown for producing the release video, Hugo Baeta for the design, and Jack Lenox for the voice-over.

Finally, thanks to all of the contributors who provided subtitles for the release video, which at last count had been translated into 30 languages!

If you want to follow along or help out, check out Make WordPress and our core development blog. Thanks for choosing WordPress. See you soon for version 4.4!

Reposted from WordPress.org

Subscribe to get new posts in your mailbox.

WordPress 4.2.4 Security and Maintenance Release

WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.2.4 also fixes four bugs. For more information, see the release notes or consult the list of changes.

Download WordPress 4.2.4 or venture over to Dashboard ? Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.4.

Already testing WordPress 4.3? The second release candidate is now available (zip) and it contains these fixes. For more on 4.3, see the RC 1 announcement post.

Reposted from WordPress.org

Subscribe to get new posts in your mailbox.

WordPress 4.2.3 Security and Maintenance Release

WordPress 4.2.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was initially reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team, and later reported by Jouko Pynnönen.

We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from Check Point Software Technologies.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information, see the release notes or consult the list of changes.

Download WordPress 4.2.3 or venture over to Dashboard ? Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.3.

Reposted from WordPress.org

Subscribe to get new posts in your mailbox.

WordPress 4.2.2 Security and Maintenance Release

WordPress 4.2.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

Version 4.2.2 addresses two security issues:

The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins hosted on WordPress.org (including the Twenty Fifteen default theme) have been updated today by the WordPress security team to address this issue by removing this nonessential file. To help protect other Genericons usage, WordPress 4.2.2 proactively scans the wp-content directory for this HTML file and removes it. Reported by Robert Abela of Netsparker.
WordPress versions 4.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. WordPress 4.2.2 includes a comprehensive fix for this issue. Reported separately by Rice Adu and Tong Shi.

The release also includes hardening for a potential cross-site scripting vulnerability when using the visual editor. This issue was reported by Mahadev Subedi.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.2.2 also contains fixes for 13 bugs from 4.2. For more information, see the release notes or consult the list of changes.

Download WordPress 4.2.2 or venture over to Dashboard ? Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.2.

Reposted from WordPress.org

Subscribe to get new posts in your mailbox.

WordPress 4.2.1 Security Release

WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen.

WordPress 4.2.1 has begun to roll out as an automatic background update, for sites that support those.

For more information, see the release notes or consult the list of changes.

Download WordPress 4.2.1 or venture over to Dashboard ? Updates and simply click “Update Now”.

Reposted from WordPress.org

Subscribe to get new posts in your mailbox.

WordPress 4.2 “Powell”

Version 4.2 of WordPress, named “Powell” in honor of jazz pianist Bud Powell, is available for download or update in your WordPress dashboard. New features in 4.2 help you communicate and share, globally.

Introducing WordPress 4.2 “Powell”

An easier way to share content

Clip it, edit it, publish it. Get familiar with the new and improved Press This. From the Tools menu, add Press This to your browser bookmark bar or your mobile device home screen. Once installed you can share your content with lightning speed. Sharing your favorite videos, images, and content has never been this fast or this easy.

Extended character support

Writing in WordPress, whatever your language, just got better. WordPress 4.2 supports a host of new characters out-of-the-box, including native Chinese, Japanese, and Korean characters, musical and mathematical symbols, and hieroglyphs.

Don’t use any of those characters? You can still have fun — emoji are now available in WordPress! Get creative and decorate your content with ??, ??, ??, ??, and all the many other emoji.

Switch themes in the Customizer

Browse and preview your installed themes from the Customizer. Make sure the theme looks great with your content, before it debuts on your site.

Even more embeds

Paste links from Tumblr.com and Kickstarter and watch them magically appear right in the editor. With every release, your publishing and editing experience get closer together.

Streamlined plugin updates

Goodbye boring loading screen, hello smooth and simple plugin updates. ClickUpdate Now and watch the magic happen.

Under the Hood

utf8mb4 support

Database character encoding has changed from utf8 to utf8mb4, which adds support for a whole range of new 4-byte characters.

JavaScript accessibility

You can now send audible notifications to screen readers in JavaScript withwp.a11y.speak(). Pass it a string, and an update will be sent to a dedicated ARIA live notifications area.

Shared term splitting

Terms shared across multiple taxonomies will be split when one of them is updated. Find out more in the Plugin Developer Handbook.

Complex query ordering

WP_Query, WP_Comment_Query, and WP_User_Query now support complex ordering with named meta query clauses.

Special thanks go to Siobhan McKeown for producing the release video and Cami Kaos for the voice-over.

If you want to follow along or help out, check out Make WordPress and our core development blog. Thanks for choosing WordPress. See you soon for version 4.3!

Reposted from WordPress.org

Subscribe to get new posts in your mailbox.

WordPress 4.1.2 Security Release

WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Cedric Van Bockhaven and fixed by Gary Pendergast, Mike Adams, andAndrew Nacin of the WordPress security team.

We also fixed three other security issues:

In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded. Discovered by Michael Kapfer and Sebastian Kraemer of HSASec.
In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack. Discovered by Jakub Zoczek.
Some plugins were vulnerable to an SQL injection vulnerability. Discovered by Ben Bidner of the WordPress security team.

We also made four hardening changes, discovered by J.D. Grimes, Divyesh Prajapati,Allan Collins and Marc-Alexandre Montpas.

We appreciated the responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.

Download WordPress 4.1.2 or venture over to Dashboard ? Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.1.2.

A number of plugins also released security fixes yesterday. Keep everything updated to stay secure. If you’re a plugin author, please read this post to confirm that your plugin is not affected by the same issue. Thank you to all of the plugin authors who worked closely with our security team to ensure a coordinated response.

Already testing WordPress 4.2? The third release candidate is now available (zip) and it contains these fixes. For more on 4.2, see the RC 1 announcement post.

Reposted from WordPress.org

Subscribe to get new posts in your mailbox.

WordPress 4.1 “Dinah”

Version 4.1 of WordPress, named “Dinah” in honor of jazz singer Dinah Washington, is available for download or update in your WordPress dashboard. New features in WordPress 4.1 help you focus on your writing, and the new default theme lets you show it off in style.

Introducing Twenty Fifteen

Our newest default theme, Twenty Fifteen, is a blog-focused theme designed for clarity.

Twenty Fifteen has flawless language support, with help from Google’s Noto font family.

The straightforward typography is readable on any screen size.

Your content always takes center stage, whether viewed on a phone, tablet, laptop, or desktop computer.

Distraction-free writing

Just write.

Sometimes, you just need to concentrate on putting your thoughts into words. Try turning on distraction-free writing mode. When you start typing, all the distractions will fade away, letting you focus solely on your writing. All your editing tools instantly return when you need them.

The Finer Points

Choose a language

Right now, WordPress 4.1 is already translated into over forty languages, with more always in progress. You can switch to any translation on the General Settings screen.

Log out everywhere

If you’ve ever worried you forgot to sign out from a shared computer, you can now go to your profile and log out everywhere.

Vine embeds

Embedding videos from Vine is as simple as pasting a URL onto its own line in a post. See the full list of supported embeds.

Plugin recommendations

The plugin installer suggests plugins for you to try. Recommendations are based on the plugins you and other users have installed.

Under the Hood

Complex Queries

Metadata, date, and term queries now support advanced conditional logic, like nested clauses and multiple operators — A AND ( B OR C ).

Customizer API

The customizer now supports conditionally showing panels and sections based on the page being previewed.

`<title>` tags in themes

add_theme_support( 'title-tag' ) tells WordPress to handle the complexities of document titles.

Developer Reference

Continued improvements to inline code documentation have made the developer reference more complete than ever.

The Choir

This release was led by John Blackbourn, with the help of these awesome folks.

There were 283 contributors to this release, again a new high.

If you want to help out or follow along, check out Make WordPress and our core development blog.

Thanks for choosing WordPress. Happy holidays and see you next year for version 4.2!

Reposted from WordPress.org

Subscribe to get new posts in your mailbox.

WordPress 4.0.1 Security Release

WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

Sites that support automatic background updates will be updated to WordPress 4.0.1 within the next few hours. If you are still on WordPress 3.9.2, 3.8.4, or 3.7.4, you will be updated to 3.9.3, 3.8.5, or 3.7.5 to keep everything secure. (We don’t support older versions, so please update to 4.0.1 for the latest and greatest.)

WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Jouko Pynnonen. This issue does not affect version 4.0, but version 4.0.1 does address these eight security issues:

Three cross-site scripting issues that a contributor or author could use to compromise a site. Discovered by Jon Cave, Robert Chapin, and John Blackbourn of the WordPress security team.
A cross-site request forgery that could be used to trick a user into changing their password.
An issue that could lead to a denial of service when passwords are checked. Reported by Javier Nieto Arevalo and Andres Rojas Guerrero.
Additional protections for server-side request forgery attacks when WordPress makes HTTP requests. Reported by Ben Bidner (vortfu).
An extremely unlikely hash collision could allow a user’s account to be compromised, that also required that they haven’t logged in since 2008 (I wish I were kidding). Reported by David Anderson.
WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address. Reported separately by Momen Bassel, Tanoy Bose, and Bojan Slavkovic of ManageWP.

Version 4.0.1 also fixes 23 bugs with 4.0, and we’ve made two hardening changes, including better validation of EXIF data we are extracting from uploaded photos. Reported by Chris Andrè Dale.

We appreciated the responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.

Download WordPress 4.0.1 or venture over to Dashboard ? Updates and simply click “Update Now”.

Reposted from WordPress.org

Subscribe to get new posts in your mailbox.

WordPress 4.0 “Benny”

Version 4.0 of WordPress, named “Benny” in honor of jazz clarinetist and bandleaderBenny Goodman, is available for download or update in your WordPress dashboard. While 4.0 is just another number for us after 3.9 and before 4.1, we feel we’ve put a little extra polish into it. This release brings you a smoother writing and management experience we think you’ll enjoy.

Introducing WordPress 4.0 “Benny”

Manage your media with style

Media Library Explore your uploads in a beautiful, endless grid. A new details preview makes viewing and editing any amount of media in sequence a snap.

Working with embeds has never been easier

Paste in a YouTube URL on a new line, and watch it magically become an embedded video. Now try it with a tweet. Oh yeah — embedding has become a visual experience. The editor shows a true preview of your embedded content, saving you time and giving you confidence.

We’ve expanded the services supported by default, too — you can embed videos from CollegeHumor, playlists from YouTube, and talks from TED. Check out all of the embeds that WordPress supports.

Focus on your content

Writing and editing is smoother and more immersive with an editor that expands to fit your content as you write, and keeps the formatting tools available at all times.

Finding the right plugin

Add plugins

There are more than 30,000 free and open source plugins in the WordPress plugin directory. WordPress 4.0 makes it easier to find the right one for your needs, with new metrics, improved search, and a more visual browsing experience.

The Ensemble

This release was led by Helen Hou-Sandí, with the help of these fine individuals.

If you want to follow along or help out, check out Make WordPress and our core development blog. Thanks for choosing WordPress. See you soon for version 4.1!

Reposted from WordPress.org

Subscribe to get new posts in your mailbox.

WordPress 3.9.2 Security Release

WordPress 3.9.2 is now available as a security release for all previous versions. We strongly encourage you to update your sites immediately.

This release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. It was fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. This is the first time our two projects have coordinated joint security releases.

WordPress 3.9.2 also contains other security changes:

Fixes a possible but unlikely code execution when processing widgets (WordPress is not affected by default), discovered by Alex Concha of the WordPress security team.
Prevents information disclosure via XML entity attacks in the external GetID3 library, reported by Ivan Novikov of ONSec.
Adds protections against brute attacks against CSRF tokens, reported by David Tomaschik of the Google Security Team.
Contains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.

We appreciated responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.

Download WordPress 3.9.2 or venture over to Dashboard ? Updates and simply click “Update Now”.

Sites that support automatic background updates will be updated to WordPress 3.9.2 within 12 hours. (If you are still on WordPress 3.8.3 or 3.7.3, you will also be updated to 3.8.4 or 3.7.4. We don’t support older versions, so please update to 3.9.2 for the latest and greatest.)

Reposted from WordPress.org

Subscribe to get new posts in your mailbox.

WordPress 3.9.1 Maintenance Release

After three weeks and more than 9 million downloads of WordPress 3.9, we’re pleased to announce that WordPress 3.9.1 is now available.

We strongly encourage you to update your sites immediately.

This maintenance release fixes 34 bugs in 3.9, including numerous fixes for multisite networks, customizing widgets while previewing themes, and the updated visual editor. We’ve also made some improvements to the new audio/video playlists feature and made some adjustments to improve performance. For a full list of changes, consult the list of tickets and the changelog.

If you are one of the millions already running WordPress 3.9, we’ve started rolling out automatic background updates for 3.9.1. For sites that support them, of course.

Download WordPress 3.9.1 or venture over to Dashboard ? Updates and simply click “Update Now.”

Reposted from WordPress.org

Subscribe to get new posts in your mailbox.

WordPress 3.9 “Smith”

Version 3.9 of WordPress, named “Smith” in honor of jazz organist Jimmy Smith, is available for download or update in your WordPress dashboard. This release features a number of refinements that we hope you’ll love.

A smoother media editing experience

Improved visual editing

The updated visual editor has improved speed, accessibility, and mobile support. You can paste into the visual editor from your word processor without wasting time to clean up messy styling. (Yeah, we’re talking about you, Microsoft Word.)

Edit images easily

With quicker access to crop and rotation tools, it’s now much easier to edit your images while editing posts. You can also scale images directly in the editor to find just the right fit.

Drag and drop your images

Uploading your images is easier than ever. Just grab them from your desktop and drop them in the editor.

Gallery previews

Galleries display a beautiful grid of images right in the editor, just like they do in your published post.

Do more with audio and video

“Ain’t Misbehavin’”LOUIS ARMSTRONG