WordPress 3.0.5 & 3.1 RC4

WordPress 3.0.5 & 3.1 RC4 has been released:

WordPress 3.0.5

WordPress 3.0.5 is now available and is a security hardening update for all previous WordPress versions.

This security release is required if you have any untrusted user accounts, but it also comes with important security enhancements and hardening. All WordPress users are strongly encouraged to update.

Three point oh point five

Enhances security

Three point one comes soon

The release addresses a number of issues and provides two additional enhancements:

Two moderate security issues were fixed that could have allowed a Contributor- or Author-level user to gain further access to the site.

One information disclosure issue was addressed that could have allowed an Author-level user to view contents of posts they should not be able to see, such as draft or private posts.

Two security enhancements were added. One improved the security of any plugins which were not properly leveraging our security API. The other offers additional defense in depth against a vulnerability that was fixed in previous release.

Thanks to Nils Jueneman and Saddy for their private and responsible disclosures to security@wordpress.org for two of the issues. The others were reported or repaired by our security team.

Changelog: WordPress 3.0.5
Download: WordPress 3.0.5
Download: Modified files since WordPress 3.0.4

WordPress 3.1 RC4

The Release Candidate 4 build includes the security fixes and enhancements included in 3.0.5 and addresses about two dozen additional bugs. This includes fixes for:

  • Deleting a user and reassigning their posts to another user.
  • Marking multiple users or sites as spam in multisite.
  • PHP4 compatibility.

As outlined in previous RC posts, if you are testing the release candidate and think you’ve found a bug, there are a few ways to let us know:

To test WordPress 3.1, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip). If any new issues become known, you’ll be able to find them here.

After nearly five months of development and testing, we think we’re very close to a final release. Users and developers, please test your themes and plugins.

Download: WordPress 3.1 RC4

1 Star2 Stars3 Stars4 Stars5 Stars (92 votes, average: 3.92 out of 5)

WordPress 3.1 RC3

WordPress 3.1 RC3 has been release.

In summary, RC3 has removed the AJAX list tables implemented in RC2 because of bugs and usability issues.

Here is the blog post from WordPress.org:

WordPress 3.1 Release Candidate 3 is now available. After careful evaluation of the 3.1 features in RC2, we recognized the need to make some adjustments. There are some significant differences from previous versions of 3.1, so please review the changes if you have been developing against a beta or RC version.

The biggest change is the removal of AJAX list tables, which had been an effort to move all of our list-style screens to full AJAX for pagination, searches, and column sorts, and to consolidate the list-style screens into a single API that plugins could leverage. Unfortunately, with more testing came realizations that there were too many major bugs and usability issues with how the functionality was implemented, so we’ve spent the last week rolling back the most important portions of the feature.

  • For users: AJAX has been entirely disabled for the list tables. We hope to bring this back again, in a form that is properly and fully implemented, in a future release. Column sorting remains, but everything else has returned to its 3.0 state.
  • For developers: The entire list table API is now marked private. If you attempt to leverage new components of the API, you are pretty much guaranteeing that your plugins will break in a future release, so please don’t do that. We hope to enable all the fun new goodies for public use in a future release.

This is the only way we could prevent any regressions in functionality and usability from WordPress 3.0 to 3.1. That’s right, users and plugin authors can still do everything you used to be able to do (and a little bit more).

Because of the code churn between RC2 and RC3, this release candidate needs a lot of testing. Every list screen needs testing. In particular, the comment moderation screen needs testing, especially with keyboard shortcuts (if you didn’t know about those, now’s your chance to try them out).

Other fixes in RC3 include:

  • Properly display the author dropdown in Quick Edit
  • Various important fixes to numerous taxonomy query variables
  • Fixes to the theme deletion process
  • Fixes to pages used for posts
  • IIS and Multisite: Avoid resetting web.config on permalink save
  • Properly validate post formats and their rewrite rules

I’m assembling a group of friends in Washington, D.C., this weekend to test WordPress 3.1 and provide feedback. We’d love to see this idea catch on among friends at coffee shops around the world. (We’ll blog our results, and we’re thinking about using the hashtag #wptest on Twitter.) If you are testing the release candidate and think you’ve found a bug, there are a few ways to let us know:

To test WordPress 3.1, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip).

We’re going to study this release carefully to see where we can improve on our internal processes in the future. With that, our requisite haiku, authored by Jane:

Pulling the AJAX –

sometimes you need to step back

and show some restraint.

Happy testing!

Download: WordPress 3.1 RC 3

1 Star2 Stars3 Stars4 Stars5 Stars (248 votes, average: 3.95 out of 5)

WP-ServerInfo 1.60

I have updated WP-ServerInfo to 1.60.

There are 2 changes only:

  1. The major change was adding support for memcached stats if your server has it and your PHP is compiled with it
  2. The other was to tidy up and use readme.txt instead of readme.html so that user can see all the information (including screenshots) within the plugin page itself.

Moving forward, whenever I have time to spare and when I am updating my plugins, I will port the respective plugin’s readme.html to readme.txt to keep it consistent.

Rest assured that my plugins are NOT dead, just not as active as before due to work commitments.

I am always using the latest stable version of WordPress for my website, lesterchan.net, and hence I will make sure that the plugins are compatible with the latest version of WordPress.

1 Star2 Stars3 Stars4 Stars5 Stars (291 votes, average: 4.05 out of 5)

WordPress 3.1 RC2

WordPress 3.1 RC2 has been released! I am pretty sure by end of this week or latest next week, we will be able to see WordPress 3.1 out the door!

The second release candidate for WordPress 3.1 is now available. The requisite haiku:

Rounding up stragglers

Last few bugs for 3.1

Go test RC2

As I outlined in the announcement post for RC1, release candidates are the last stop before the final release. It means we think we’re done, and we again have no bugs to squash. But with tens of millions of users, many server configurations and setups, and thousands of plugins and themes, it’s still possible we’ve missed something.

Beta 1 came on Thanksgiving, RC1 on Christmas, and RC2 on New Year’s Day. We won’t be waiting for another holiday for the final release, though, so if you haven’t tested WordPress 3.1 yet, now is the time!

Select changes since RC1:

  • The security fixes included in WordPress 3.0.4
  • Fix issues related to handling a static front page
  • Fixes and enhancements for the pagination buttons
  • Fix searching for partial usernames
  • Properly reactivate plugins after editing them
  • Always show the current author in the author dropdown when editing a post
  • Fixes for attachment taxonomies
  • Fix node removal for the admin bar
  • Fix the custom post type show_in_menu argument
  • Various fixes for right-to-left languages
  • and a few dozen more changes

If you are testing the release candidate and think you’ve found a bug, there are a few ways to let us know:

Download: WordPress 3.1 RC2

1 Star2 Stars3 Stars4 Stars5 Stars (211 votes, average: 3.82 out of 5)

WordPress 3.0.4

WordPress 3.0.4 has been released and it a critical update as it fixes an XSS vulnerability.

It is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as critical.
I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.

If you are a security researcher, we’d appreciate you taking a look over this changeset as well to review our update. We’ve given it a lot of thought and review but since this is so core we want as many brains on it as possible. Thanks to Mauro Gentile and Jon Cave (duck_) who discovered and alerted us to these XSS vulnerabilities first.

Changelog: WordPress 3.0.4
Download: WordPress 3.0.4
Download: Modified files since WordPress 3.0.3

1 Star2 Stars3 Stars4 Stars5 Stars (138 votes, average: 3.83 out of 5)