WordPress

WordPress 4.8 Release Candidate 2 The second release candidate for WordPress 4.8 is now available. To test WordPress 4.8, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip). We’ve made a handful of changes since releasing RC 1 last week. For more details about what’s new in version 4.8, check out the Beta 1, Beta 2, and RC1 blog posts. Think you’ve found a bug? Please post to the Alpha/Beta support forum. If any known issues come up, you’ll be able to find them here. Happy testing! Source: WordPress 4.8 Release Candidate 2

WordPress 4.8 Release Candidate The release candidate for WordPress 4.8 is now available. RC means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.8 on Thursday, June 8, but we need your help to get there. If you haven’t tested 4.8 yet, now is the time! To test WordPress 4.8, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip). We’ve made a handful of changes since releasing Beta 2 earlier this week. For more details about what’s new in version 4.8, check out the Beta 1 and Beta 2 blog posts. Think you’ve found a bug? Please post to the Alpha/Beta support forum. If any known issues come up, you’ll be able to find them here. Developers, please [ more… ]

WordPress 4.8 Beta 2 WordPress 4.8 Beta 2 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.8, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip). For more information on what’s new in 4.8, check out the Beta 1 blog post. Since then, we’ve made over 50 changes in Beta 2. Do you speak a language other than English? Help us translate WordPress into more than 100 languages! If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on [ more… ]

WordPress 4.7.5 Security and Maintenance Release WordPress 4.7.5 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.4 and earlier are affected by six security issues: Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing. Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas. Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team. A Cross Site Request Forgery (CRSF)  vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster. A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing. A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team. Thank [ more… ]

WordPress Now on HackerOne WordPress has grown a lot over the last thirteen years – it now powers more than 28% of the top ten million sites on the web. During this growth, each team has worked hard to continually improve their tools and processes. Today, the WordPress Security Team is happy to announce that WordPress is now officially on HackerOne! HackerOne is a platform for security researchers to securely and responsibly report vulnerabilities to our team. It provides tools that improve the quality and consistency of communication with reporters, and will reduce the time spent on responding to commonly reported issues. This frees our team to spend more time working on improving the security of WordPress. The security team has been working on this project for quite some time. Nikolay Bachiyski started the team working on it just over a year ago. We [ more… ]