WordPress 3.3.2 & 3.4 Beta 3 Released

WordPress 3.3.2 & 3.4 Beta 3 has been released
WordPress 3.3.2

Fixes:

  • Plupload (version 1.5.4), which WordPress uses for uploading media.
  • SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
  • vSWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.

  • Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances, disclosed by Jon Cave of our WordPress core security team, and Adam Backstrom.
  • Cross-site scripting vulnerability when making URLs clickable, by Jon Cave.
  • Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs. Thanks to Mauro Gentile for responsibly disclosing these issues to the security team.

Changelog: From WordPress 3.3.1
Download: WordPress 3.3.2

WordPress 3.4 Beta 3

  • 90 bugs have been fixed since beta 2

Changelog: From WordPress 3.4 Beta 2
Download: >WordPress 3.4 Beta 3

1 Star2 Stars3 Stars4 Stars5 Stars (134 votes, average: 3.96 out of 5)

WordPress 2.7 Features By WLTC

Weblog Tools Collection has put up a list of features that will be in the upcoming WordPress 2.7 which I think will be released before the end of the year.

Here is the list of the planned features:

  • Comments API
  • Keyboard shortcuts for comment moderation
  • Theme Update API
  • One Click Plugin Installs
  • WordPress core updates
  • Default Sitemaps
  • Admin Panel Comment Replies
  • Comment Threading
  • Subscribe to Comments
  • Widgets for Dashboard and Write Box
  • Batch Editing of Posts

Check out WLTC: Features Planned for WordPress 2.7

1 Star2 Stars3 Stars4 Stars5 Stars (113 votes, average: 3.96 out of 5)

WP-Polls 2.20 Beta 1 Test

WP-Polls 2.20 Beta 1 is out the door. As usual, please do not run it on a live site as it is still in a beta stage. There are A LOT of changes between WP-Polls 2.14 and WP-Polls 2.20. 2 major ones are the implementation of polls that allow users to choose multiple answers and AJAX used in the administration panel.

I will try to capture screenshots for all of my plugins when I have the time to do so in addition to the live demo mainly because the administration panel cannot be shown. WP-Polls is the first plugin to get screenshoted.

Screenshots: http://www.lesterchan.net/wordpress/screenshots/browse/wp-polls/

WP-Polls 2.20 RC 1 has been released.

If you downloaded it, please feedback to me via the Support Forums or by email.

Thank You.

UPDATE:
Support forums: http://forums.lesterchan.net
Make sure you are using WordPress 2.1 and NOT WordPress 2.0.x

1 Star2 Stars3 Stars4 Stars5 Stars (69 votes, average: 3.96 out of 5)

WordPress 4.0.1 Released

WordPress 4.0.1 has been released today and it is a important security release. So please update your WordPress site as soon as possible.

WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

Sites that support automatic background updates will be updated to WordPress 4.0.1 within the next few hours. If you are still on WordPress 3.9.2, 3.8.4, or 3.7.4, you will be updated to 3.9.3, 3.8.5, or 3.7.5 to keep everything secure. (We don’t support older versions, so please update to 4.0.1 for the latest and greatest.)

WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Jouko Pynnonen. This issue does not affect version 4.0, but version 4.0.1 does address these eight security issues:

  • Three cross-site scripting issues that a contributor or author could use to compromise a site. Discovered by Jon Cave, Robert Chapin, and John Blackbourn of the WordPress security team.
  • A cross-site request forgery that could be used to trick a user into changing their password.
  • An issue that could lead to a denial of service when passwords are checked. Reported by Javier Nieto Arevalo and Andres Rojas Guerrero.
  • Additional protections for server-side request forgery attacks when WordPress makes HTTP requests. Reported by Ben Bidner (vortfu).
  • An extremely unlikely hash collision could allow a user’s account to be compromised, that also required that they haven’t logged in since 2008 (I wish I were kidding). Reported by David Anderson.
  • WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address. Reported separately by Momen Bassel, Tanoy Bose, and Bojan Slavkovi? of ManageWP.

Version 4.0.1 also fixes 23 bugs with 4.0, and we’ve made two hardening changes, including better validation of EXIF data we are extracting from uploaded photos. Reported by Chris Andrè Dale.

Download: WordPress 4.0.1

1 Star2 Stars3 Stars4 Stars5 Stars (50 votes, average: 3.96 out of 5)