Development

WordPress 3.3.2 (and WordPress 3.4 Beta 3)

Apr 20th, 2012

WordPress 3.3.2 is available now and is a security update for all previous versions.

Three external libraries included in WordPress received security updates:

Plupload (version 1.5.4), which WordPress uses for uploading media.
SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.

Thanks to Neal Poole and Nathan Partlan for responsibly disclosing the bugs in Plupload and SWFUpload, and Szymon Gruszecki for a separate bug in SWFUpload.

WordPress 3.3.2 also addresses:

Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances, disclosed by Jon Cave of our WordPress core security team, and Adam Backstrom.
Cross-site scripting vulnerability when making URLs clickable, by Jon Cave.
Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs. Thanks to Mauro Gentile for responsibly disclosing these issues to the security team.

These issues were fixed by the WordPress core security team. Five other bugs were also fixed in version 3.3.2. Consult the change log for more details.

Download WordPress 3.3.2 or update now from the Dashboard ? Updates menu in your site’s admin area.

WordPress 3.4 Beta 3 also available

Our development of WordPress 3.4 development continues. Today we are proud to release Beta 3 for testing. Nearly 90 changes have been made since Beta 2, released 9 days ago. (We are aiming for a beta every week.)

This is still beta software, so we don’t recommend that you use it on production sites. But if you’re a plugin developer, a theme developer, or a site administrator, you should be running this on your test environments and reporting any bugs you find. (See the known issues here.) If you’re a WordPress user who wants to open your presents early, take advantage of WordPress’s famous 5-minute install and spin up a secondary test site. Let us know what you think!

Version 3.4 Beta 3 includes all of the fixes included in version 3.3.2. Download WordPress 3.4 Beta 3 or use the WordPress Beta Tester plugin.

Share and Enjoy:

WordPress 3.3 Release Candidate 3

Dec 11th, 2011

by Jane Wells.

No comments yet

The third (and hopefully final!) release candidate for WordPress 3.3 is now available. Since RC2, we’ve done a handful of last-minute tweaks and bugfixes that we felt were necessary.

Our goal is to release version 3.3 early next week, so plugin and theme authors, this is your last pre-release chance to test your plugins and themes to find any compatibility issues before the final release. We’ve published a number of posts on the development blog that explain important things you need to know as you prepare for WordPress 3.3. Please review this information immediately if you have not done so already.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable writing a reproducible bug report, file one on WordPress Trac. Known issues that crop up will be listed here, but let’s all keep our fingers crossed for a quiet Sunday so we can get these new features into your hands early next week!

To test WordPress 3.3, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip).

Share and Enjoy:

WordPress 3.3 Release Candidate 2

Dec 7th, 2011

by Andrew Nacin.

No comments yet

The second release candidate for WordPress 3.3 is now available!

As the first release candidate was well-received, we think we’re really close to a final release. Primarily, we’ve ensured that new toolbar (the admin bar in 3.2) has a consistent appearance across all browsers, and the API for developers is now final. You can check our bug tracker for the complete list of changes.

Plugin and theme authors, please test your plugins and themes now, so that if there is a compatibility issue, we can figure it out before the final release. On our development blog, we’ve published a number of posts that explain important things you need to know as you prepare for WordPress 3.3.

If you haven’t tested WordPress 3.3 yet, now is the time — please though, not on your live site unless you’re adventurous. Once you install RC2, you can visit About WordPress page (hover over the WordPress logo in the top left) to see an overview of what’s to come in WordPress 3.3 (and what to test, of course).

Enjoy!

To test WordPress 3.3, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip).

Sometimes time slows down
between releases – like now
This is RC2

Share and Enjoy:

Wherefore Art Thou, Widgets?

Nov 20th, 2011

by Jane Wells.

No comments yet

We need your opinion! One of the features we’re adding to WordPress 3.3 (currently in beta 3) is intended to reduce widget pain. Say you’re using Theme A and you have a handful of widgets set up. You switch to Theme B, and it has different widget areas, so you add/remove/edit your widgets. Then you realize that you hate Theme B. “This theme doesn’t represent my innermost soul!” you cry to the heavens. You switch back to Theme A, but because it had different widget areas, now your widgets are messed up. Argh, right? Not for long!

Imagine being able to change themes and modify widgets as needed, and if you decided to go back to your old theme, it would return your widgets to how they were the last time you had that theme activated. Sounds good, yeah? The problem we’re facing is deciding how long to save the old widget configuration, since there are so many potential workflows. If you changed From Theme A to Theme B and added more widgets over the next few weeks, if you switched back to Theme A after a month, would you still expect it to go back to the widgets from a month ago? At what point does it go from handy timesaver to unexpected widget mangler? What do you think?

View This Poll

Share and Enjoy:

Software Freedom Day + Hackathon

Sep 15th, 2011

by Jane Wells.

No comments yet

Saturday, September 17 is Software Freedom Day. To that end, a few announcements about this weekend’s hackathon and WordCamp Portland.

3.3 Hackathon

WordPress 3.3 is about to hit feature freeze. This means it’s the last chance to squeeze in features that haven’t quite been finished, and enhancements and fixes that no one has had time to address yet. Around this time, there are often dozens of tickets that have patches, but the patches have not been tested enough to be committed to core. Then the contributors who worked hard on the patches are disappointed that their code doesn’t make it into the current release. You can help us prevent this!

This weekend, we’ll be running a has-patch needs-testing marathon for the 3.3 milestone. Basically, we’re looking for people who can help test patches and/or refresh patches that need updating. Lead developers and core contributors will be hanging around in the #wordpress-dev channel on irc.freenode.net to answer questions as needed, and will be committing patches as they get enough verification. As you test the patches, report your findings on the trac tickets in question. If all developers who make a living working with WordPress helped out for even an hour or two this weekend, we could clear the 200 tickets or so that are in this situation. To make it fun, why not get together with other WordPress devs and have an in-person hackathon meetup?

WordCamp Portland

At WordCamp Portland this weekend, some of the WordPress core team will be in attendance, including me, Nacin, and Koop. In addition to giving presentations and participating in the unconference sessions, we’ll be involved with a couple of other cool things at WCPDX:

Hacker Room. There will be room set aside for people to work on core bugs and features slated for the 3.3 release. Hopefully PDX developers will hang out in here some of the time helping with the marathon.
Welcome Free Software Projects! Normally WordCamps are 100% focused on WordPress, but in light of Software Freedom Day, the WC PDX organizers, in conjunction with the WordPress Foundation, would like to extend an invitation to all free software projects to participate in WordCamp Portland. There are a couple of rooms set aside that can be used for unconference sessions and/or hacker rooms for other projects. It would be great to have local representatives from a bunch of projects there — almost a micro version of OS Bridge or OSCON — to maximize the free software love and cross-pollinate ideas. Developers from other projects are also welcome in the WP hackathon room if they’d like to pitch in. Saturday will also feature the Software Freedom Day Happy Hour at the end of sessions. For more information or to get your project involved, contact the event organizers via the WordCamp Portland website or email support at wordcamp dot org.
Usability Testing of 3.3 Alpha. As mentioned, we’re about to hit freeze, so we’ll be giving WordCamp Portland attendees a sneak peek at 3.3, seeing how they adjust to the new features, and getting feedback to help us with our last round of fixes before we get to Beta. There will be a signup sheet to participate.

So, if you live it the Portland/Seattle area and haven’t already bought a ticket to attend WordCamp Portland, hurry up, as it’s going to be a great celebration of Software Freedom Day and WordPress.

Share and Enjoy:

WordPress 3.2 Release Candidate

Jun 14th, 2011

by Andrew Nacin.

No comments yet

The first release candidate (RC1) for WordPress 3.2 is now available.

An RC comes after the beta period and before final release. We think we’re done, but with tens of millions of users, a variety of configurations, and thousands of plugins, it’s possible we’ve missed something. So if you haven’t tested WordPress 3.2 yet, now is the time! Please though, not on your live site unless you’re extra adventurous.

Things to keep in mind:

With more than 350 tickets closed, there are plenty of changes. Plugin and theme authors, please test your plugins and themes now, so that if there is a compatibility issue, we can figure it out before the final release.
Users are also encouraged to test things out. If you find problems, let your plugin/theme authors know so they can figure out the cause.
Twenty Eleven isn’t quite at the release candidate stage. Contents may settle.
If any known issues crop up, you’ll be able to find them here.

If you are testing the release candidate and think you’ve found a bug, there are a few ways to let us know:

Post it to the Alpha/Beta area in the support forums or wp-testers
Join the development IRC channel and tell us live at irc.freenode.net #wordpress-dev
File a bug ticket on the WordPress Trac

To test WordPress 3.2, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip).

Happy testing!

If you’d like to know which levers to pull in your testing, check out a list of features in our Beta 1 post.

Share and Enjoy:

WordPress 3.1.3 (and WordPress 3.2 Beta 2)

May 25th, 2011

by Mark Jaquith.

No comments yet

WordPress 3.1.3 is available now and is a security update for all previous versions. It contains the following security fixes and enhancements:

Various security hardening by Alexander Concha.
Taxonomy query hardening by John Lamansky.
Prevent sniffing out user names of non-authors by using canonical redirects. Props Verónica Valeros.
Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research.
Improves file upload security on hosts with dangerous security settings.
Cleans up old WordPress import files if the import does not finish.
Introduce “clickjacking” protection in modern browsers on admin and login pages.

Consult the change log for more details.

Download WordPress 3.1.3 or update automatically from the Dashboard ? Updates menu in your site’s admin area.

WordPress 3.2 Beta 2 also available

In other news, our development of WordPress 3.2 development continues right on schedule. We released Beta 1 thirteen days ago, and today we’re putting out Beta 2 for your testing pleasure.

This is still beta software, so we don’t recommend that you use it on production sites. But if you’re a plugin developer, a theme developer, or a site administrator, you should be running this on your test environments and reporting any bugs you find. If you’re a WordPress user who wants to open your presents early, take advantage of WordPress’ famous 5-minute install and spin up a secondary test site. Let us know what you think!

The plan is to start putting out release candidates in early June, and to release WordPress 3.2 by the end of the month. The more you help us iron out issues during the beta period, the more likely we are to hit those dates. To misappropriate and mangle a quote from Mahatma Gandhi: “Be the punctuality you want to see in the WordPress.” In other words, test now!

Here are some of the things that changed since Beta 1:

Google Chrome Frame is now supported in the admin, if you have it installed. This is especially useful for IE 6 users (remember, IE 6 is otherwise deprecated for the admin).
The admin is less ugly in IE 7.
The blue admin color scheme has caught up to the grey one, and is ready for testing.
We are now bundling jQuery 1.6.1. You should test any JS that uses jQuery. WordPress JavaScript guru Andrew Ozz has a post with more info.

Download WordPress 3.2 Beta 2

Share and Enjoy:

WordPress Summer of Code 2011

Mar 30th, 2011

by Jane Wells.

No comments yet

For the past several years, WordPress has been a proud participant in the Google Summer of Code program (aka GSoC). We’ve been accepted as a mentoring organization again this year, and are looking forward to working with a select handful of talented college students who are interested in developing for WordPress. Student applications are currently being accepted, and the deadline to apply is April 8. Are you a college student/developer looking for a summer challenge (or do you know one)? If so, read on to find out how you (or your friend) can make $5,000 developing for WordPress this summer. (Best. Summer. Job. Ever.)

GSoC Logistics:

175 mentoring organizations (including WordPress)
Highly competitive and prestigious program (in 2010, 5539 proposals were submitted by 3464 students, and 1026 were accepted)
You must be enrolled in an accredited college/university
Coding period is May-August
Successful completion of project = $5,000
GSoC FAQ answers all your questions

WordPress logistics:

Mentors include WordPress core developers, plugin authors (including BuddyPress and bbPress), mobile app developers, and WordPress professionals.
Projects are limited only by your imagination and ability.
Previous GSoC students have gained responsible roles in WordPress core development, like Dion Hulse and Andrew Nacin (core committers), and Daryl Koopersmith (wrote the internal linking feature in 3.1 and much of the custom menus feature in 3.0).
This year, in addition to accepting project proposals for the main WordPress web app, we’re also encouraging applications for projects with the WordPress mobile apps (iOS, Android, Blackberry, Nokia, Windows Phone 7), for community-developed plugins like BuddyPress and bbPress, and even standalone plugins that could become community projects. Check out our Codex page on GSoC 2011 for some ideas to get you thinking.
Last year we mentored 15 students, and hope to take on about the same number this year.

If you’re a college student/developer, we encourage you to apply. If you’re a professor or a teacher of graduating high school seniors, encourage your students! If you just want to help us spread the word, download the WordPress GSoC flyer and post it on campus bulletin boards in your town. Remember, April 8 is the deadline to apply!

Share and Enjoy:

M	T	W	T	F	S	S
« Apr
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

Development