WordPress 3.4 Beta 4

Posted in: Releases- May 02, 2012 Comments Off on WordPress 3.4 Beta 4

Less bugs, more polish, the same beta disclaimers. Download, test, report bugs. Thanks much. /ryan #thewholebrevitything

WordPress 3.3.2 (and WordPress 3.4 Beta 3)

Posted in: Development, Releases, Security- Apr 20, 2012 Comments Off on WordPress 3.3.2 (and WordPress 3.4 Beta 3)

WordPress 3.3.2 is available now and is a security update for all previous versions.

Three external libraries included in WordPress received security updates:

  • Plupload (version 1.5.4), which WordPress uses for uploading media.
  • SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
  • SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.

Thanks to Neal Poole and Nathan Partlan for responsibly disclosing the bugs in Plupload and SWFUpload, and Szymon Gruszecki for a separate bug in SWFUpload.

WordPress 3.3.2 also addresses:

  • Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances, disclosed by Jon Cave of our WordPress core security team, and Adam Backstrom.
  • Cross-site scripting vulnerability when making URLs clickable, by Jon Cave.
  • Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs. Thanks to Mauro Gentile for responsibly disclosing these issues to the security team.

These issues were fixed by the WordPress core security team. Five other bugs were also fixed in version 3.3.2. Consult the change log for more details.

Download WordPress 3.3.2 or update now from the Dashboard → Updates menu in your site’s admin area.


WordPress 3.4 Beta 3 also available

Our development of WordPress 3.4 development continues. Today we are proud to release Beta 3 for testing. Nearly 90 changes have been made since Beta 2, released 9 days ago. (We are aiming for a beta every week.)

This is still beta software, so we don’t recommend that you use it on production sites. But if you’re a plugin developer, a theme developer, or a site administrator, you should be running this on your test environments and reporting any bugs you find. (See the known issues here.) If you’re a WordPress user who wants to open your presents early, take advantage of WordPress’s famous 5-minute install and spin up a secondary test site. Let us know what you think!

Version 3.4 Beta 3 includes all of the fixes included in version 3.3.2. Download WordPress 3.4 Beta 3 or use the WordPress Beta Tester plugin.

Leap Year Sale!

Posted in: All About Clients, Client Relationships, Community, Design Tips, Development, Everything SEO, Hosting, Inspiration, Latest News, News- Feb 23, 2012 No Comments

Leap Year Sale!

We are having a one day only Custom Designed Blog/Website Sale!

Lots of extras are included which would normally cost 3 times this price.

If you know anyone that needs a personal or business site this is a great start-up price! Pass this along if you know anyone looking. This is for new sites only and cut off time is Friday February 29th 2012 at midnight.

Email me at freespiritmedia@telus.net to order or for more information

Best WordCamp Speakers?

Posted in: Community, WordCamp- Jul 16, 2011 Comments Off on Best WordCamp Speakers?

As we complete speaker selection for the annual WordPress conference (a.k.a. WordCamp San Francisco), it’s clear that even though there were more than 200 speaker applications, many great WordCamp speakers did not apply. No fear! We will seek them out to make sure that WordCamp SF has a fantastic lineup, including people who didn’t apply (too shy? who knows?) but have wowed local crowds at previous WordCamps.

This is about as basic a survey as there is. Tell us the three best WordCamp presentations you saw in the past year or so. For each, give the presenters name, the topic (exact title not necessary) and which WordCamp it was at (important).

Example:

1. Joe Shmoe, Using the Loop, WordCamp Sheboygan 2011
2. Jane Doe, Top 5 WordPress Plugins, WordCamp La Mancha 2010
3. Lee Smith, Your First Core Patch, WordCamp Atlantis 2011

That’s it. We don’t need your name or any info at all, just your three top speaker votes. We’ll take a look at the people with the most votes, and consider them for WCSF if they’re not already in the application pool. Thanks for your help in making this year’s conference better and more WordPressy than ever. :)

Vote Now!

P.S. Have you bought your tickets yet?

WordPress 3.2.1

Posted in: Releases- Jul 12, 2011 Comments Off on WordPress 3.2.1

After more than a million downloads of WordPress 3.2, we’re now releasing WordPress 3.2.1 into the wild. This maintenance release fixes a server incompatibility related to JSON that’s unfortunately affected some of you, as well as a few other fixes in the new dashboard design and the Twenty Eleven theme. If you’ve already updated to 3.2, then this update will be even faster than usual, thanks to the new feature in 3.2 that only updates files that have been changed, rather than replacing all the files in your installation.

For a full list of fixes, view the changelog the list of tickets. Our release haiku:

JSON, the admin
A little bit tidier
Edge cases covered

Download 3.2.1 or update now from the Dashboard → Updates menu in your site’s admin area.

WordPress 3.2 now available

Posted in: Releases- Jul 04, 2011 Comments Off on WordPress 3.2 now available

Here in the U.S. we are observing Independence Day, and I can’t think of a more fitting way to mark a day that celebrates freedom than by releasing more free software to help democratize publishing around the globe. I’m excited to announce that WordPress 3.2 is now available to the world, both as an update in your dashboard and a download on WordPress.org. Version 3.2 is our fifteenth major release of WordPress and comes just four months after 3.1 (which coincidentally just passed the 15 million download mark this morning), reflecting the growing speed of development in the WordPress community and our dedication to getting improvements in your hands as soon as possible. We’re dedicating this release to noted composer and pianist George Gershwin.

Before we get to the release, in anticipation of the State of the Word speech at the upcoming WordCamp San Francisco (the annual WordPress conference) we’re doing a survey or census of the WordPress world. If you have a moment, please fill out this survey and we’ll share what we learn by publishing the aggregate results in August.

The focus for this release was making WordPress faster and lighter. The first thing you’ll notice when you log in to 3.2 is a refreshed dashboard design that tightens the typography, design, and code behind the admin. (Rhapsody in Grey?) If you’re starting a new blog, you’ll also appreciate the fully HTML5 new Twenty Eleven theme, fulfilling our plan to replace the default theme every year. Start writing your first post in our redesigned post editor and venture to the full-screen button in the editing toolbar to enter the new distraction-free writing or zen mode, my personal favorite feature of the release. All of the widgets, menus, buttons, and interface elements fade away to allow you to compose and edit your thoughts in a completely clean environment conducive to writing, but when your mouse strays to the top of the screen your most-used shortcuts are right there where you need them. (I like to press F11 to take my browser full-screen, getting rid of even the OS chrome.)

Under the hood there have been a number of improvements, not the least of which is the streamlining enabled by our previously announced plan of retiring support for PHP4, older versions of MySQL, and legacy browsers like IE6, which allows us to take advantage of more features enabled by new technologies. The admin bar has a few more shortcuts to your most commonly-used actions. On the comment moderation screen, the new approve & reply feature speeds up your conversation management. You’ll notice in your first update after 3.2 that we’ll only be updating the files that have changed with each new release instead of every file in your WordPress installation, which makes updates significantly faster on all hosting platforms. There are also some fun new theme features shown off by Twenty Eleven, like the ability to have multiple rotating header images to highlight all of your favorite photos.

There is way more, like our new freedoms and credits screens (linked from your dashboard footer), so for the full story check out the Codex page on 3.2 or the Trac milestone which includes the 400+ tickets closed in this release.

A Community Effort

We now finally have a credits page inside of WordPress itself (though a cool revision is coming in 3.3), but for posterity let’s give a round of applause to these fine folks who contributed to 3.2:

Aaron Brazell, Aaron Campbell, Aaron Jorbin, Adam Harley, Alex Concha, ampt, Andrew Nacin, Andrew Ozz, andrewryno, andy, Austin Matzko, BenChapman, Ben Dunkle, bluntelk, Boone Gorges, Brandon Allen, Brandon Burke, Caspie, cfinke, charlesclarkson, chexee, coffee2code, Cristi Burcă, daniloercoli, Daryl Koopersmith, David Cowgill, David Trower, demetris, Devin Reams, Dion Hulse, dllh, Dominik Schilling, Doug Provencio, dvwallin, Dylan Kuhn, Eric Mann, fabifott, Franklin Tse, Frumph, garyc40, Glenn Ansley, guyn, hakre, hebbet, Helen Hou-Sandi, hew, holizz, Ian Stewart, Jacob Gillespie, Jane Wells, Jayjdk, Jeff Farthing, Joachim Kudish, joelhardi, John Blackbourn, John Ford, John James Jacoby, JohnONolan, Jon Cave, joostdevalk, Jorge Bernal, Joseph Scott, Justin Sternberg, Justin Tadlock, kevinB, Knut Sparhell, kovshenin, Kuraishi, Lance Willett, linuxologos, lloydbudd, Luc De Brouwer, marcis20, Mark Jaquith, Mark McWilliams, Martin Lormes, Matías Ventura, Matt Martz, Matt Thomas, MattyRob, mcepl, mdawaffe, Michael Fields, MichaelH, michaeltyson, Mike Schroder, Milan Dinić, mintindeed, mitchoyoshitaka, Mohammad Jangda, mrroundhill, natecook, nathanrice, Niall Kennedy, Nick Bohle, Nikolay Bachiyski, nuxwin, Otto, pavelevap, pete.mall, Peter Westwood, Prasath Nadarajah, Ptah Dunbar, Rafael Poveda, Rahe, Ramiy, Rasheed Bydousi, Reuben Gunday, Robert Chapin, Ron Rennick, Ross Hanney, Ryan Boren, Ryan Imel, Safirul Alredha, Samir Shah, saracannon, sbressler, Sergey Biryukov, shakenstirred, Sidney Harrell, Simon Prosser, sorich87, szadok, tetele, tigertech, trepmal, Utkarsh Kukreti, valentinas, webduo, Xavier Borderie, Yoav Farhi, Ze Fontainhas, and ziofix.

Bonus: On their WordPress.org profiles over 20,000 people have said they make their living from WordPress. Are you one of them? Don’t forget to take a minute for our survey.

WordPress 3.1.4 (and 3.2 Release Candidate 3)

Posted in: All About Clients, Latest News, Releases, Security- Jun 29, 2011 Comments Off on WordPress 3.1.4 (and 3.2 Release Candidate 3)

WordPress 3.1.4 is available now and is a maintenance and security update for all previous versions.

This release fixes an issue that could allow a malicious Editor-level user to gain further access to the site. Thanks K. Gudinavicius of SEC Consult for bringing this to our attention. Version 3.1.4 also incorporates several other security fixes and hardening measures thanks to the work of WordPress developers Alexander Concha and Jon Cave of our security team. Consult the change log for more details.

Download WordPress 3.1.4 or update immediately from the Dashboard → Updates menu in your site’s admin area.

WordPress 3.2 Release Candidate 3

This release was about all that stood in the way of a final release of WordPress 3.2. So we’re also announcing the third release candidate for 3.2, which contains all of the fixes in 3.1.4; few minor RTL, JavaScript, and user interface fixes; and ensures graceful failures if 3.2 is run on PHP4. As a reminder, we’ve bumped our minimum requirements for version 3.2 to PHP 5.2.4 and MySQL 5.0.

To test WordPress 3.2, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip). At this stage, plugin authors should be doing final tests to ensure compatibility.

Bonus: For more on what to test and what to do if you find an issue, please read our Beta 1 post.

WordPress 3.2 Release Candidate 2

Posted in: Testing- Jun 24, 2011 Comments Off on WordPress 3.2 Release Candidate 2

Howdy! The second release candidate for WordPress 3.2 is now available. If you haven’t tested WordPress 3.2 yet, now is the time — please though, not on your live site unless you’re extra adventurous.

We’ve handled a number of issues since RC1, including additional Twenty Eleven tweaks, a new theme support option for defaulting to randomized headers, and various RTL fixes.

Plugin and theme authors, please test your plugins and themes now, so that if there is a compatibility issue, we can figure it out before the final release. Users are also encouraged to test things out. If you find problems, let your plugin/theme authors know so they can figure out the cause. If you are testing the release candidate and think you’ve found a bug, there are a few ways to let us know:

To test WordPress 3.2, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip).

If any known issues crop up, you’ll be able to find them here. If you’d like to know which levers to pull in your testing, check out a list of features in our Beta 1 post.

Passwords Reset

Posted in: Security- Jun 21, 2011 Comments Off on Passwords Reset

Earlier today the WordPress team noticed suspicious commits to several popular plugins (AddThis, WPtouch, and W3 Total Cache) containing cleverly disguised backdoors. We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory.

We’re still investigating what happened, but as a prophylactic measure we’ve decided to force-reset all passwords on WordPress.org. To use the forums, trac, or commit to a plugin or theme, you’ll need to reset your password to a new one. (Same for bbPress.org and BuddyPress.org.)

As a user, make sure to never use the same password for two different services, and we encourage you not to reset your password to be the same as your old one.

Second, if you use AddThis, WPtouch, or W3 Total Cache and there’s a possibility you could have updated in the past day, make sure to visit your updates page and upgrade each to the latest version.

WordPress 3.2 Release Candidate

Posted in: Development, Releases, Testing- Jun 13, 2011 Comments Off on WordPress 3.2 Release Candidate

The first release candidate (RC1) for WordPress 3.2 is now available.

An RC comes after the beta period and before final release. We think we’re done, but with tens of millions of users, a variety of configurations, and thousands of plugins, it’s possible we’ve missed something. So if you haven’t tested WordPress 3.2 yet, now is the time! Please though, not on your live site unless you’re extra adventurous.

Things to keep in mind:

  • With more than 350 tickets closed, there are plenty of changes. Plugin and theme authors, please test your plugins and themes now, so that if there is a compatibility issue, we can figure it out before the final release.
  • Users are also encouraged to test things out. If you find problems, let your plugin/theme authors know so they can figure out the cause.
  • Twenty Eleven isn’t quite at the release candidate stage. Contents may settle.
  • If any known issues crop up, you’ll be able to find them here.

If you are testing the release candidate and think you’ve found a bug, there are a few ways to let us know:

To test WordPress 3.2, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip).

Happy testing!

If you’d like to know which levers to pull in your testing, check out a list of features in our Beta 1 post.