WordPress

WordPress 4.8 Beta 1 We’re planning a smaller WP release early next month, bringing in three major enhancements: An improved visual editor experience, with a new TinyMCE that allows you navigate more intuitively in and out of inline elements like links. (Try it out to see, it’s hard to describe.) A revamp of the dashboard news widget to bring in nearby and upcoming events including meetups and WordCamps. Several new media widgets covering images, audio, and video, and an enhancement to the text widget to support visual editing. The first beta of 4.8 is now available for testing. You can use the beta tester plugin (or just run trunk) to try the latest and greatest, and each of these areas could use a ton of testing. Our goals are to make editing posts with links more intuitive, make widgets easier [ more… ]

WordPress 4.7.4 Maintenance Release After almost sixty million downloads of WordPress 4.7, we are pleased to announce the immediate availability of WordPress 4.7.4, a maintenance release. This release contains 47 maintenance fixes and enhancements, chief among them an incompatibility between the upcoming Chrome version and the visual editor, inconsistencies in media handling, and further improvements to the REST API. For a full list of changes, consult the release notes and the list of changes. Download WordPress 4.7.4 or visit Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.4. Thanks to everyone who contributed to 4.7.4: Aaron Jorbin, Adam Silverstein, Andrea Fercia, Andrew Ozz, aussieguy123, Blobfolio, boldwater, Boone Gorges, Boro Sitnikovski, chesio, Curdin Krummenacher, Daniel Bachhuber, Darren Ethier (nerrad), David A. Kennedy, davidbenton, David Herrera, Dion Hulse, Dominik Schilling (ocean90), eclev91, Ella Van Dorpe, Gustave [ more… ]

WordPress 4.7.3 Security and Maintenance Release WordPress 4.7.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.2 and earlier are affected by six security issues: Cross-site scripting (XSS) via media file metadata.  Reported by Chris Andrè Dale, Yorick Koster, and Simon P. Briggs. Control characters can trick redirect URL validation.  Reported by Daniel Chatfield. Unintended files can be deleted by administrators using the plugin deletion functionality.  Reported by xuliang. Cross-site scripting (XSS) via video URL in YouTube embeds.  Reported by Daniel Cid. Cross-site scripting (XSS) via taxonomy term names.  Reported by Delta. Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.  Reported by Sipke Mellema. Thank you to the reporters for practicing responsible disclosure. In addition to the security issues above, WordPress 4.7.3 contains 39 maintenance [ more… ]

WordPress 4.7.2 Security Release WordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.1 and earlier are affected by three security issues: The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive. WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo). A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team. Thank you to the reporters of these issues for practicing responsible disclosure. Download WordPress 4.7.2 or venture over to Dashboard [ more… ]