WordPress 3.6.1

WordPress 3.6.1 has been release. This is a maintenance and security release, so please upgrade as soon as you get the chance.

This .1 release fixes 13 bugs and the below security issues:

  • Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem.
  • Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij.
  • Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention.
  • Additionally, we’ve adjusted security restrictions around file uploads to mitigate the potential for cross-site scripting.

Download: WordPress 3.6.1

1 Star2 Stars3 Stars4 Stars5 Stars (44 votes, average: 3.98 out of 5)

WordPress 3.6

WordPress 3.6 has been released!

User Features

  • The new Twenty Thirteen theme inspired by modern art puts focus on your content with a colorful, single-column design made for media-rich blogging.
  • Revamped Revisions save every change and the new interface allows you to scroll easily through changes to see line-by-line who changed what and when.
  • Post Locking and Augmented Autosave will especially be a boon to sites where more than a single author is working on a post. Each author now has their own autosave stream, which stores things locally as well as on the server (so much harder to lose something) and there’s an interface for taking over editing of a post, as demonstrated beautifully by our bearded buddies in the video above.
  • Built-in HTML5 media player for native audio and video embeds with no reliance on external services.
  • The Menu Editor is now much easier to understand and use.

Developer features

  • A new audio/video API gives you access to metadata like ID3 tags.
  • You can now choose HTML5 markup for things like comment and search forms, and comment lists.
  • Better filters for how revisions work, so you can store a different amount of history for different post types.
  • Tons more listed on the Codex, and of course you can always browse the over 700 closed tickets.
1 Star2 Stars3 Stars4 Stars5 Stars (69 votes, average: 4.14 out of 5)

WordPress 3.6 RC2

WordPress 3.6 RC2 is out! The final version of WordPress 3.6 will be out in a couple of days.

We’re down to only a few remaining issues, and the final release should be available in a matter of days. In RC2, we’ve tightened up some aspects of revisions, autosave, and the media player, and fixed some bugs that were spotted in RC1. Please test this release candidate as much as you can, so we can deliver a smooth final release!

Download: WordPress 3.6 RC2

1 Star2 Stars3 Stars4 Stars5 Stars (28 votes, average: 3.71 out of 5)

WordPress 3.6 RC1

WordPress 3.6 RC1 is out! The final version of WordPress 3.6 will be out in a couple of weeks. I am guessing there will be 2 or more RCs till the final release.

The first release candidate for WordPress 3.6 is now available.

We hope to ship WordPress 3.6 in a couple weeks. But to do that, we really need your help! If you haven’t tested 3.6 yet, there’s no time like the present. (But please: not on a live production site, unless you’re feeling especially adventurous.)

Think you’ve found a bug? Please post to the Alpha/Beta area in the support forums. If any known issues come up, you’ll be able to find them here. Developers, please test your plugins and themes, so that if there is a compatibility issue, we can sort it out before the final release.

To test WordPress 3.6, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip).

As you may have heard, we backed the Post Format UI feature out of the release. On the other hand, our slick new revisions browser had some extra time to develop. You should see it with 200+ revisions loaded — scrubbing back and forth at lightning speed is a thing of beauty.

Delayed, but still loved
The release will be out soon
Test it, por favor

Download: WordPress 3.6 RC1

1 Star2 Stars3 Stars4 Stars5 Stars (31 votes, average: 3.90 out of 5)

WordPress 3.5.2

WordPress 3.5.2 has been released and this is a security fix which fixes 12 bugs including the following security issues:

  • Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
  • Disallow contributors from improperly publishing posts, reported by Konstantin Kovshenin, or reassigning the post’s authorship, reported by Luke Bryan.
  • An update to the SWFUpload external library to fix cross-site scripting vulnerabilities. Reported by mala and Szymon Gruszecki.
  • Prevention of a denial of service attack, affecting sites using password-protected posts.
  • An update to an external TinyMCE library to fix a cross-site scripting vulnerability. Reported by Wan Ikram.
  • Multiple fixes for cross-site scripting. Reported by Andrea Santese and Rodrigo.
  • Avoid disclosing a full file path when a upload fails. Reported by Jakub Galczyk.

You ae advised to upgrade immediately.

Download: WordPress 3.5.2 or visit Dashboard -> Updates in your site admin to update now.

1 Star2 Stars3 Stars4 Stars5 Stars (57 votes, average: 3.95 out of 5)