WordPress 2.8.5 has been released. This release makes your WordPress even more secure:
- A fix for the Trackback Denial-of-Service attack that is currently being seen.
- Removal of areas within the code where php code in variables was evaluated.
- Switched the file upload functionality to be whitelisted for all users including Admins.
- Retiring of the two importers of Tag data from old plugins.
Changelog: WordPress 2.8.5
Download: WordPress 2.8.5
Download: Modified files since WordPress 2.8.4
Dougal has put up a list of what to expect in WordPress 2.9:
Here is the list:
- Post Thumbnails: add an image to be automatically displayed with the post in various views (main page, archives, etc.). The WordPress logo on this post is added with this feature, plus a filter I added to my theme’s functions.php file.
- “Trash” status: deleted items such as posts, pages, and comments now go to the “trash”, and can be recovered later, much like delete files in most modern operating systems.
- Image editing: basic image manipulation for your media library. You can rotate, flip, resize, and crop images.
- Widgets outside of sidebars: there is a new template tag called the_widget(), which allows you to put a widget anywhere in your theme.
- Comment metadata: plugins and themes can now take advantage of arbitrary metadata for comments, just as for posts, pages, and users. This should make it easier to create plugins to highlight “popular” or “hot” comments, among other things.
- Custom post types: general support for post types other than ‘post’, ‘page’, and ‘attachment’. This plus the custom taxonomy support we already have will go far to address those to like to claim that WordPress is not a ‘real’ CMS. We’ll be able to organize content in ways that I can’t even think of right now (I need more time to brainstorm).
- Media Embeds: I haven’t had a chance to look over this all the way yet, but it’s basically Viper’s Video Quicktags folded into core (minus the editor buttons at this time), including support for the oEmbed standard. With oEmbed, you can just paste in the URL for a page containing embeddable media, and it can auto-detect the proper way to embed it in your post. Supported services so far appear to be YouTube, Google Video, PollDaddy, and DailyMotion. Plus, theoretically, any service that supports oEmbed, which currently includes YouTube, Flickr, Vimeo, Viddler, Qik, and Hulu, among others (according to the oEmbed site). Whoah, awesome! I’ll post a demo of this soon, but you can read Viper007Bond’s post now for more details.
- register_theme_directory(): plugins can now add additional theme directories to be searched. This means that a theme can basically come bundled with its own themes. I’ve already got a project that’s been on the back-burner that can use this feature. I think we might seem some nifty uses appearing in the future.
For more information, check out Dougal’s post on WordPress 2.9 Features