WordPress 3.0 "Thelonious"

06.17.10 | Author: Matt Mullenweg | Posted in News | Comments Off

Arm your vuvuzelas: WordPress 3.0, the thirteenth major release of WordPress and the culmination of half a year of work by 218 contributors, is now available for download (or upgrade within your dashboard). Major new features in this release include a sexy new default theme called Twenty Ten. Theme developers have new APIs that allow [...]

WordPress 3.0, Beta 1

04.02.10 | Author: Jane Wells | Posted in News | Comments Off

Remember when I posted earlier about the Twitter account, and I said that hopefully you’d find out later today what has been keeping us all so busy? Beta testers, this is your moment: the WordPress 3.0 Beta 1 has arrived!
This is an early beta. This means there are a few things we’re still finishing. We [...]

WordPress 2.9.2

02.15.10 | Author: Ryan Boren | Posted in News | Comments Off

Thomas Mackenzie alerted us to a problem where logged in users can peek at trashed posts belonging to other authors. If you have untrusted users signed up on your blog and sensitive posts in the trash, you should upgrade to 2.9.2.  As always, you can visit the Tools->Upgrade menu to upgrade.

WordPress 2.9.1

01.04.10 | Author: Ryan Boren | Posted in News | Comments Off

After over a million downloads of WordPress 2.9 and lots of feedback from all of you, we’re releasing WordPress  2.9.1.  This release addresses a handful of minor issues as well as a rather annoying problem where scheduled posts and pingbacks are not processed correctly due to incompatibilities with some hosts.  If any of these issues [...]

WordPress 2.9.1 Release Candidate 1

12.29.09 | Author: Ryan Boren | Posted in News | Comments Off

Thanks to everyone who tested 2.9.1 Beta 1.  We’re following that up with Release Candidate 1.  RC1 contains a few more fixes, bringing the number of fixed tickets up to 23.  If you are already running Beta 1, visit Tools->Upgrade in your blog’s admin to get RC1.  You can also  download the RC1 package and [...]

WordPress 2.9.1 Beta 1

12.23.09 | Author: Ryan Boren | Posted in News | Comments Off

Unfortunately, the recent 2.9 release triggered a bug in certain versions of PHP’s curl extension.  With these versions of curl, scheduled posts and pingbacks are not processed correctly.  To fix this problem as well as a handful of other, lesser issues, we are quickly releasing 2.9.1, the first maintenance release of the 2.9 line.  Help [...]

WordPress 2.9, oh so fine

12.18.09 | Author: Matt | Posted in News | Comments Off

I want to make you mine, all the time… oh wait. Hello. I’m here on behalf of the entire WordPress development team and community to announce the immediate availability of WordPress version 2.9 “Carmen” named in honor of magical jazz vocalist Carmen McRae (whom we’ve added to our Last.fm WP release station). You can upgrade [...]

WordPress 2.8.6 Security Release

11.12.09 | Author: Ryan Boren | Posted in News | Comments Off

2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges.  If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.
The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch.  The second problem, discovered by Dawid Golunski, is an issue [...]

WordPress 2.8.5: Hardening Release

10.20.09 | Author: Peter Westwood | Posted in News | Comments Off

As you know over the past couple of months we have been working on the new features for WordPress 2.9. We have also been working on trying to make WordPress as secure as possible and during this process we have identified a number of security hardening changes that we thought were worth back-porting to the [...]

WordPress 2.8.4: Security Release

08.11.09 | Author: Matt | Posted in News | Comments Off

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password [...]

WordPress 2.8.3 Security Release

08.03.09 | Author: Ryan Boren | Posted in News | Comments Off

Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1.  Luckily, the entire WordPress community has our backs.  Several folks in the community dug deeper and discovered areas that were overlooked.  With their help, the remaining issues are fixed in 2.8.3.  Since this is a security release, upgrading is highly recommended.  Download [...]

WordPress 2.8.2

07.19.09 | Author: Ryan Boren | Posted in News | Comments Off

WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site.  Download 2.8.2 or automatically upgrade from the Tools->Upgrade page of your blog’s admin.

WordPress 2.8.1

07.09.09 | Author: Ryan Boren | Posted in News | Comments Off

WordPress 2.8.1 fixes many bugs and tightens security for plugin administration pages. Core Security Technologies notified us that admin pages added by certain plugins could be viewed by unprivileged users, resulting in information being leaked. Not all plugins are vulnerable to this problem, but we advise upgrading to 2.8.1 to be safe.
What [...]

WordPress 2.8.1 Release Candidate 1

07.07.09 | Author: Ryan Boren | Posted in News | Comments Off

2.8.1 is nigh.  Release Candidate 1 is our last stop before the final release.  Please download RC1, review the changes made since beta 2, and have a look at all of the tickets fixed in 2.8.1.  Thanks for testing WordPress.