WordPress 3.1.4 is available now and is a maintenance and security update for all previous versions. This release fixes an issue that could allow a malicious Editor-level user to gain further access to the site. Thanks K. Gudinavicius of SEC Consult for bringing this to our attention. Version 3.1.4 also incorporates several other security fixes and hardening […]
WordPress 3.1.4 (and 3.2 Release Candidate 3)
WordPress 3.2 Release Candidate 2
Howdy! The second release candidate for WordPress 3.2 is now available. If you haven’t tested WordPress 3.2 yet, now is the time — please though, not on your live site unless you’re extra adventurous. We’ve handled a number of issues since RC1, including additional Twenty Eleven tweaks, a new theme support option for defaulting to […]
Passwords Reset
Earlier today the WordPress team noticed suspicious commits to several popular plugins (AddThis, WPtouch, and W3 Total Cache) containing cleverly disguised backdoors. We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory. We’re […]
WordPress 3.2 Release Candidate
The first release candidate (RC1) for WordPress 3.2 is now available. An RC comes after the beta period and before final release. We think we’re done, but with tens of millions of users, a variety of configurations, and thousands of plugins, it’s possible we’ve missed something. So if you haven’t tested WordPress 3.2 yet, now […]