WordPress 3.4.2 has been release and it is both a maintenance release that fixes 21 bugs and security release that fixes vulnerabilities that includes potential privilege escalation and a bug that affects multisite installs with untrusted users.
Some of the 21 bugs include:
- Fix some issues with older browsers in the administration area.
- Fix an issue where a theme may not preview correctly, or its screenshot may not be displayed.
- Improve plugin compatibility with the visual editor.
- Address pagination problems with some category permalink structures.
- Avoid errors with both oEmbed providers and trackbacks.
- Prevent improperly sized header images from being uploaded.
Version 3.4.2 also fixes a few security issues and contains some security hardening. The vulnerabilities included potential privilege escalation and a bug that affects multisite installs with untrusted users. These issues were discovered and fixed by the WordPress security team.
Download: WordPress 3.4.2
Auto Update: Dashboard -> Updates
WordPress 3.4.1 has been release and it is both a maintenance release that fixes 18 bugs and security release that fixes vulnerabilities that relates to multisite installs with untrusted users.
Some of the 18 bugs include:
- Fixes an issue where a theme’s page templates were sometimes not detected.
- Addresses problems with some category permalink structures.
- Adds early support for uploading images on iOS 6 devices.
- Allows for a technique commonly used by plugins to detect a network-wide activation.
- Better compatibility with servers running certain versions of PHP (5.2.4, 5.4) or with uncommon setups (safe mode, open_basedir), which had caused warnings or in some cases prevented emails from being sent.
Version 3.4.1 also fixes a few security issues and contains some security hardening. The vulnerabilities included potential information disclosure as well as an bug that affects multisite installs with untrusted users. These issues were discovered and fixed by the WordPress security team.
Download: WordPress 3.4.1
Auto Update: Dashboard -> Updates
WordPress 3.4 has been released.
The biggest change in 3.4 is the theme customizer which allows you to play around with various looks and settings for your current theme or one you’re thinking about switching to without publishing those changes to the whole world. For themes that support it, you can change colors, backgrounds, and of course custom image headers. We have more planned for the customizer down the road.
Throughout the rest of the admin you’ll notice tweaks to make your everyday life easier. For example, if you have lots of themes we’ve made it quicker to browse them all at once without paging. We’ve made it possible to use images from your media library to populate custom headers, and for you to choose the height and width of your header images.
We’ve expanded our embed support to include tweets: just put a Twitter permalink on its own line in the post editor and we’ll turn it into a beautiful embedded Tweet. And finally, image captions have been improved to allow HTML, like links, in them.
There are hundreds of under-the-hood improvements in this release, notably in the XML-RPC, themes, and custom header APIs, and significant performance improvements in WP_Query and the translation system. The Codex has a pretty good summary of the developer features, and you can always dive into Trac directly.
Download: WordPress 3.4
PS: My plugins should work with WordPress 3.4, if you discovered any bug, just drop me an email, lesterchan AT gmail.
WordPress 3.4 RC1 has been released to marked the 9th Birthday of WordPress!
I am expecting the final one to ship within the next 1-2 weeks!
Download: WordPress 3.4 RC1
WordPress 3.3.2 & 3.4 Beta 3 has been released
- Plupload (version 1.5.4), which WordPress uses for uploading media.
- SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
vSWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.
- Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances, disclosed by Jon Cave of our WordPress core security team, and Adam Backstrom.
- Cross-site scripting vulnerability when making URLs clickable, by Jon Cave.
- Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs. Thanks to Mauro Gentile for responsibly disclosing these issues to the security team.
Changelog: From WordPress 3.3.1
Download: WordPress 3.3.2
WordPress 3.4 Beta 3
- 90 bugs have been fixed since beta 2
Changelog: From WordPress 3.4 Beta 2
Download: >WordPress 3.4 Beta 3