WordPress 3.0.4

WordPress 3.0.4 has been released and it a critical update as it fixes an XSS vulnerability.

It is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as critical.
I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.

If you are a security researcher, we’d appreciate you taking a look over this changeset as well to review our update. We’ve given it a lot of thought and review but since this is so core we want as many brains on it as possible. Thanks to Mauro Gentile and Jon Cave (duck_) who discovered and alerted us to these XSS vulnerabilities first.

Changelog: WordPress 3.0.4
Download: WordPress 3.0.4
Download: Modified files since WordPress 3.0.3

1 Star2 Stars3 Stars4 Stars5 Stars (142 votes, average: 3.75 out of 5)

WP-DBManager 2.61

WP-DBManager 2.61 has been released and it fixes a security vulnerability which will allow user to download your wp-config.php. If you do not use the default backup folder path, you are not affected by this.

However, most users are affected and it is recommended that you upgrade WP-DBManager to 2.61.

WP-DBManager 2.62 will be out on Tuesday with added nonce security and auto-repair functionality.

Sorry for any inconvenience caused.

Download: WP-DBManager 2.61

1 Star2 Stars3 Stars4 Stars5 Stars (117 votes, average: 3.75 out of 5)

WordPress 4.6 Released

WordPress 4.6 has been released.


What’s New

  • Streamlined Updates – Don’t lose your place: stay on the same page while you update, install, and delete your plugins and themes.
  • Native Fonts – The WordPress dashboard now takes advantage of the fonts you already have, making it load faster and letting you feel more at home on whatever device you use.
  • Inline Link Checker – Ever accidentally made a link to https://wordpress.org/example.org? Now WordPress automatically checks to make sure you didn’t.
  • Content Recovery – As you type, WordPress saves your content to the browser. Recovering saved content is even easier with WordPress 4.6.
  • Resource Hints- Resource hints help browsers decide which resources to fetch and preprocess. WordPress 4.6 adds them automatically for your styles and scripts making your site even faster
  • Robust Requests – The HTTP API now leverages the Requests library, improving HTTP standard support and adding case-insensitive headers, parallel HTTP requests, and support for Internationalized Domain Names.
  • WP_Term_Query and WP_Post_Type – A new WP_Term_Query class adds flexibility to query term information while a new WP_Post_Type object makes interacting with post types more predictable.
  • Meta Registration API – The Meta Registration API has been expanded to support types, descriptions, and REST API visibility.
  • Translations On Demand – WordPress will install and use the newest language packs for your plugins and themes as soon as they’re available from WordPress.org’s community of translators.
  • JavaScript Library Updates – Masonry 3.3.2, imagesLoaded 3.2.0, MediaElement.js 2.22.0, TinyMCE 4.4.1, and Backbone.js 1.3.3 are bundled.
  • Customizer APIs for Setting Validation and Notifications – Settings now have an API for enforcing validation constraints. Likewise, customizer controls now support notifications, which are used to display validation errors instead of failing silently.
  • Multisite, now faster than ever – Cached and comprehensive site queries improve your network admin experience. The addition of WP_Site_Query and WP_Network_Query help craft advanced queries with less effort.

Download: WordPress 4.6

1 Star2 Stars3 Stars4 Stars5 Stars (77 votes, average: 3.75 out of 5)

WordPress 3.3 Beta 4

WordPress 3.3 Beta 4 has been released!

With all our major tickets closed, we are very close to a release candidate. In Beta 4 we’ve fixed a bunch of bugs, cleaned up the UI, added real text in some of the screens that still had placeholder text in Beta 3 (post-update screen, the Dashboard welcome area, new feature pointers), and generally tightened things up. We updated to jQuery 1.7.1 and addressed a LOT of bugs.

View: Full Changelog From Beta 3
Download: WordPress 3.3 Beta 4

1 Star2 Stars3 Stars4 Stars5 Stars (68 votes, average: 3.75 out of 5)