WordPress 5.5.1 Maintenance ReleaseSeptember 1, 2020 2020-09-11 11:42
WordPress 5.5.1 is now available!
You can download WordPress 5.5.1 directly, or visit the Dashboard → Updates screen and click Update Now. If your sites support automatic background updates, they’ve already started the update process.
WordPress 5.5.1 is a short-cycle maintenance release. The next major release will be version 5.6.
WordPress 5.1.1 Security and Maintenance ReleaseMarch 13, 2019 2019-03-13 10:14
WordPress 5.1.1 is now available! This security and maintenance release introduces 10 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2.
This release also includes a pair of security fixes that handle how comments are filtered and then stored in the database. With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting.
WordPress versions 5.1 and earlier are affected by these bugs, which are fixed in version 5.1.1. Updated versions of WordPress 5.0 and earlier are also available for any users who have not yet updated to 5.1.
Props to Simon Scannell of RIPS Technologies who discovered this flaw independent of some work that was being done by members of the core security team. Thank you to all of the reporters for privately disclosing the vulnerabilities, which gave us time to fix them before WordPress sites could be attacked.
Other highlights of this release include:
- Hosts can now offer a button for their users to update PHP.
- The recommended PHP version used by the “Update PHP” notice can now be filtered.
- Several minor bug fixes.
You can browse the full list of changes on Trac.
WordPress 5.1.1 was a short-cycle maintenance release. Version 5.1.2 is expected to follow a similar two week release cadence.
You can download WordPress 5.1.1 or visit Dashboard → Updates and click Update Now. Sites that support automatic background updates have already started to update automatically.
About WordPress 5.1March 8, 2019 2019-03-08 17:25
Release of WordPress 5.1
Near the end of the month, WordPress 5.1 was released, featuring significant stability and performance enhancements as well as the first of the Site Health mechanisms that are in active development. Most prominent is the new warning for sites running long-outdated versions of PHP.
You can check out the Field Guide for this release for a detailed look at all the new features and improvements. The next release is already in development with plans to improve the Site Health features, PHP compatibility, and a number of other things.
Want to get involved in testing or building WordPress Core? You can install the WordPress Beta Tester plugin, follow the Core team blog, and join the #core channel in the Making WordPress Slack group.
Gutenberg Development Continues
The block editor that is now a part of WordPress core started out as a project named Gutenberg with the lofty goal of creating a whole new site-building experience for all WordPress users. The first phase of Gutenberg resulted in the block editor that was included in WordPress 5.0, but development didn’t stop there – phase 2 of the project is well underway.
This month, one of the initial goals for this phase was reached with all of the core WordPress widgets being converted to blocks – this will go a long way to allowing full sites to be built using blocks, rather than simply post or page content.
Block Editor Comes to the Mobile Apps
As Gutenberg development continues, the Mobile team has been working hard to integrate the new block editor into the WordPress mobile apps. Near the end of February, the team shipped a complete integration in the beta versions of the apps – this a significant milestone and a big step towards unifying the mobile and desktop editing experiences.
Both the iOS and Android apps are open for beta testers, so if you would like to experience the block editor on mobile today, then join the beta program.
WordPress Triage Team Announced
One of the goals for 2019 that Matt Mullenweg (@matt) announced in his State of the Word address last year was to form a team who would work to manage the ever-increasing number of tickets in Trac, the bug tracker that WordPress Core employs.
This team, known as the Triage Team, has been announced. Their work will involve coordinating with component maintainers, release leads, project leadership, contributors, and other WordPress related projects with issue trackers outside of Trac to ensure that everyone is empowered to focus on contributing.
The team was formed based on nominations of volunteers to take part and will be led by Jonathan Desrosiers (@desrosj). The other members of the team are Chris Christoff (@chriscct7), Tammie Lister (@karmatosed), Sergey Biryukov (@sergey), and Sheri Bigelow (@designsimply) – all of whom have a strong track record of contributing to WordPress, have exhibited good triaging practices, and are overall good community members.
Updating WoocommerceMarch 27, 2017 2017-03-27 0:50
You can choose to update WooCommerce with one click or manually update it.
Be sure you’ve read and understand how to update your site, then come back to your live site to update..
- Back up your live site.
- Go to: Dashboard > Updates within WordPress.
- If there is an update, you’ll see WooCommerce in the list of plugins/themes to update.
- Tick the checkbox next to plugins/themes/WooCommerce, then select Update Now button.
Again, be certain you’ve read how to update your site.
- Downloadthe latest version of WooCommerce from WordPress.org.
- Upload the unzipped WooCommerce folder to the wp-content/plugins directory on your web server overwriting the old files.
WordPress 4.7.1 Security and Maintenance ReleaseJanuary 24, 2017 2017-01-24 22:32
WordPress 4.7 has been downloaded over 10 million times since its release on December 6, 2016 and we are pleased to announce the immediate availability of WordPress 4.7.1. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.7 and earlier are affected by eight security issues:
- Remote code execution (RCE) in PHPMailer – No specific issue appears to affect WordPress or any of the major plugins we investigated but, out of an abundance of caution, we updated PHPMailer in this release. This issue was fixed in PHPMailer thanks to Dawid Golunski and Paul Buonopane.
- The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API. Reported by Krogsgard and Chris Jean.
- Cross-site scripting (XSS) via the plugin name or version header on
update-core.php. Reported by Dominik Schilling of the WordPress Security Team.
- Cross-site request forgery (CSRF) bypass via uploading a Flash file. Reported by Abdullah Hussam.
- Cross-site scripting (XSS) via theme name fallback. Reported by Mehmet Ince.
- Post via email checks
mail.example.comif default settings aren’t changed. Reported by John Blackbourn of the WordPress Security Team.
- A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing. Reported by Ronnie Skansing.
- Weak cryptographic security for multisite activation key. Reported by Jack.
Thank you to the reporters for practicing responsible disclosure.
Download WordPress 4.7.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.1.
This content provided by WordPress here.
As always, be sure to backup your site + database before installing this new update.
WordPress 4.5 Beta 3March 16, 2016 2016-03-16 22:41
WordPress 4.5 Beta 3 is now available!
This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.5, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).
- Many Theme Logo Support (#33755) fixes, including support for bundled Twenty Fifteen (#35944).
- Add Responsive Preview to theme install previewer (#36017).
- Support Imagick in HHVM (#35973).
- Whitelist IPTC, XMP, and EXIF profiles from
strip_meta()to maintain authorship, copyright, license, and image orientation (#28634).
- Support Windows shares/DFS roots in
- New installs default to generating secret keys and salts locally instead of relying on the WordPress.org API. Please test installing WP in situations where it can’t connect to the internet (like on a ?, ✈️, or ?) (#35290).
- OPTIONS requests to REST API should return Allow header (#35975).
- Upgrade twemoji.js to version 2 (#36059) and add extra IE11 compatibility (#35977) for Emoji.
- Various bug fixes. We’ve made more than 100 changes during the last week.
If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on the WordPress Trac. There, you can also find a list of known bugs.
Beta one, two, three
so many bugs have been fixed
Closer now; four, five.