Category Archives: Wordpress

WordPress 3.5.1 Maintenance and Security Release

WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. For a full list of changes, consult the list of tickets and the changelog, which include:

  • Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
  • Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
  • Networks: Suggest proper rewrite rules when creating a new network.
  • Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
  • Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail.
  • Suppress some warnings that could occur when a plugin misused the database or user APIs.

Additionally, a bug affecting Windows servers running IIS can prevent updating from 3.5 to 3.5.1. If you receive the error “Destination directory for file streaming does not exist or is not writable,” you will need to follow the steps outlined on the Codex.

WordPress 3.5.1 also addresses the following security issues:

  • A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
  • Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
  • A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.

Download 3.5.1 or visit Dashboard → Updates in your site admin to update now.

2012: A Look Back

Another year is coming to a close, and it’s time to look back and reflect on what we’ve accomplished in the past twelve months. The WordPress community is stronger than ever, and some of the accomplishments of the past year are definitely worth remembering.

Software Releases

We had two major releases of the WordPress web application with versions 3.4 and 3.5, as well as 5 security releases during 2012. 3.4 included the theme customizer, while 3.5 became the long awaited “media release” featuring a new uploader and gallery management tool. 3.5 contained code contributions from more people than ever, and we hope to continue growing the contributor ranks in the year ahead. We currently have native apps on 6 mobile platforms — iOS, Android, Blackberry, Windows Phone, Nokia, and WebOS — and saw several updates there as well.

Plugin Directory

A number of improvements were made to the Plugin Directory in 2012. More cosmetic updates, like the introduction of branded plugin page headers, make it a nicer browsing experience, while functional changes like better-integrated support forums, plugin reviews, and a favorites system made the plugin directory even more useful as a resource.

The “Make” Network and Team Reps

2012 was the year that saw the creation of Make.wordpress.org, a network of sites for the teams of contributors responsible for the different areas of the WordPress project. Now anyone can follow along and get involved with the teams that work on core, theme review, forum support, documentation, and more. In 2013 we’ll work to improve these sites to make it easier to become a contributor. Each team also now has elected Team Reps, a new role that has already led to more cross-team communication. Team reps post each week to the Updates blog so that the other reps can keep up with what’s going on in other teams.

WordPress Community Summit

At the end of October, about 100 of the most influential and respected members of the WordPress community attended an inaugural summit to discuss where we all stand, and to figure out where we go next with WordPress. A “conference of conversations,” this unconference made everyone an active participant, and while not every issue brought to the table was solved by the end of the event, the right questions were being asked.

Meetup.com

The WordPress Foundation now has a central account with Meetup.com. We’ve brought in a couple dozen existing meetup groups as a pilot to test the system, and are in the process of working with more existing meetups (as well as new ones) to join us so that local organizers won’t have to pay organizer dues and can get more support from the WordPress project.

Internet Blackout Day

We participated in the protest against SOPA/PIPA, Internet Blackout Day, on January 18. Though we usually stay out of politics, this campaign was important, and we not only participated in the blackout on WordPress.org, we encouraged our users to do so as well, and recommended plugins to provide blackout functionality. It was deemed the largest online protest in history.

WordCamps

And finally, it wouldn’t be a recap without counting up the WordCamps! There were 67 WordCamps around the world in 2012, bringing together WordPress users, developers, and fans. If you didn’t make it to a WordCamp this year, maybe it can be one of your new year resolutions: check the schedule to find one near you!

WordPress 3.5 “Elvin”

It’s the most wonderful time of the year: a new WordPress release is available and chock-full of goodies to delight bloggers and developers alike. We’re calling this one “Elvin” in honor of drummer Elvin Jones, who played with John Coltrane in addition to many others.

If you’ve been around WordPress a while, the most dramatic new change you’ll notice is a completely re-imagined flow for uploading photos and creating galleries. Media has long been a friction point, and we’ve listened hard and put a lot of thought into crafting this new system. 3.5 includes a new default theme, Twenty Twelve, which has a very clean mobile-first responsive design and works fantastically as a base for a CMS site. Finally, we’ve spent a lot of time refreshing the styles of the dashboard: updating everything to be Retina-ready with beautiful high-resolution graphics, adding a new color picker, and streamlining a couple of lesser-used sections of the admin.

Here’s a quick video overview of everything you can share with your friends:

Introducing WordPress 3.5

For Developers

You can now put your (or anyone’s) WordPress.org username on the plugins page and see your favorite tagged ones, to make it easy to install them again when setting up a new site. There’s a new Tumblr importer. New installs no longer show the links manager. Finally, for multisite developers, switch_to_blog() is way faster and you can now install MS in a sub-directory. The Underscore and Backbone JavaScript libraries are now available. The Codex has a pretty good summary of the developer features above and beyond this, and you can always grab a warm beverage and explore Trac directly.

Percussion Section

Behind every great release are great contributors. 3.5 had more people involved than any release before it:

Aaron D. Campbell, aaronholbrook, Aaron Jorbin, Adam Harley, akbortoli, alecrust, Alex Concha, Alex King, Alex Mills (Viper007Bond), alexvorn2, ampt, Amy Hendrix (sabreuse), andrea.r, Andrew Nacin, Andrew Ozz, Andrew Ryno, Andrew Spittle, Andy Skelton, apokalyptik, Bainternet, Barry Kooij, bazza, bbrooks, Ben Casey, Ben Huson, Ben Kulbertis, bergius, Bernhard Riedl, betzster, Billy (bananastalktome), bolo1988, bradparbs, bradthomas127, Brady Vercher, Brandon Dove, Brian Layman, Brian Richards, Bronson Quick, Bryan Petty, cannona, Caroline Moore, Caspie, cdog, Charles Frees-Melvin, chellycat, Chelsea Otakan, Chouby, Chris Olbekson, Christopher Finke, Chris Wallace, Cor van Noorloos, Cristi Burcă, Dan, Dan Rivera, Daryl Koopersmith, Dave Martin, deltafactory, Dion Hulse, DjZoNe, dllh, Dominik Schilling, doublesharp, Drew Jaynes (DrewAPicture), Drew Strojny, Eddie Moya, elyobo, Emil Uzelac, Empireoflight, Eric Andrew Lewis, Erick Hitter, Eric Mann, ericwahlforss, Evan Solomon, fadingdust, F J Kaiser, foxinni, Gary Cao, Gary Jones, Gary Pendergast, GeertDD, George Mamadashvili, George Stephanis, GhostToast, gnarf, goldenapples, Gustavo Bordoni, hakre, hanni, hardy101, hebbet, Helen Hou-Sandi, Hugo Baeta, iamfriendly, Ian Stewart, ikailo, Ipstenu (Mika Epstein), itworx, j-idris, Jake Goldman, jakub.tyrcha, James Collins, jammitch, Jane Wells, Japh, JarretC, Jason Lemahieu (MadtownLems), javert03, jbrinley, jcakec, Jeff Bowen, Jeff Sebring, Jeremy Felt, Jeremy Herve, Jerry Bates (JerrySarcastic), Jesper Johansen (Jayjdk), jndetlefsen, Joe Hoyle, joelhardi, Joey Kudish, John Blackbourn (johnbillion), John James Jacoby, John P. Bloch, Jonas Bolinder, Jonathan D. 
Johnson, Jon Cave, joostdekeijzer, Jorge Bernal, Joseph Scott, Juan, Justin Sainton, Justin Sternberg, Justin Tadlock, Kailey Lampert (trepmal), Kelly Dwan, Keruspe, kitchin, Knut Sparhell, Konstantin Kovshenin, Konstantin Obenland, Kopepasah, Kristopher Lagraff, Kurt Payne, Kyrylo, Lance Willett, Larysa Mykhas, leogermani, lesteph, linuxologos, Luc De Brouwer, Luke Gedeon, Lutz Schroer, mailnew2ster, Manuel Schmalstieg, Maor Chasen, Marco, MarcusPope, Mark Jaquith, Marko Heijnen, MartyThornley, mattdanner, Matthew Richmond, Matt Martz, Matt Thomas, Matt Wiebe, mattyrob, Max Cutler, Mel Choyce, Mert Yazicioglu, Michael Adams (mdawaffe), Michael Fields, Mike Bijon, Mike Glendinning, Mike Hansen, Mike Little, Mike Schinkel, Mike Schroder, Mike Toppa, Milan Dinic, mitcho (Michael Yoshitaka Erlewine), Mohammad Jangda, mohanjith, mpvanwinkle77, Mr Papa, murky, Naoko Takano, Nashwan Doaqan, Niall Kennedy, Nikolay Bachiyski, ntm, nvartolomei, pavelevap, pdclark, Pete Mall, Peter Westwood, Pete Schuster, Philip Arthur Moore, Phill Brown, picklepete, Picklewagon, Prasath Nadarajah, r-a-y, Rami Yushuvaev, Ricardo Moraleida, Robert Chapin (miqrogroove), Robert Wetzlmayr, Ron Rennick, rstern, Ryan Boren, Ryan Imel, Ryan Koehler, Ryan Markel, Ryan McCue, Safirul Alredha, Samir Shah, Sam Margulies, Samuel Wood (Otto), sara cannon, Satish Gandham, scott.gonzalez, Scott Kingsley Clark, Scott Reilly, Scott Taylor, ScreenfeedFr, sergey.s.betke, Sergey Biryukov, Simon Prosser, Simon Wheatley, sirzooro, ssamture, sterlo, sumindmitriy, sushkov, swekitsune, Takashi Irie, Taylor Dewey, Taylor Lovett, Terry Sutton, Thomas Griffin, Thorsten Ott, timbeks, timfs, Tim Moore, TobiasBg, TomasM, Tom Auger, tommcfarlin, Tom Willmot, toscho, Travis Smith, Vasken Hauri, Vinicius Massuchetto, Vitor Carvalho, Waclaw, WaldoJaquith, Wojtek Szkutnik, Xavier Borderie, Yoav Farhi, Yogi T, Zack Tollman, and ZaMoose.