WordPress News

WordPress 3.4.1 Maintenance and Security Release

Posted June 27, 2012 by Andrew Nacin. Filed under Releases, Security.

WordPress 3.4.1 is now available for download. WordPress 3.4 has been a very smooth release, and copies are flying off the shelf — 3 million downloads in two weeks! This maintenance release addresses 18 bugs with version 3.4, including:

  • Fixes an issue where a theme’s page templates were sometimes not detected.
  • Addresses problems with some category permalink structures.
  • Better handling for plugins or themes loading JavaScript incorrectly.
  • Adds early support for uploading images on iOS 6 devices.
  • Allows for a technique commonly used by plugins to detect a network-wide activation.
  • Better compatibility with servers running certain versions of PHP (5.2.4, 5.4) or with uncommon setups (safe mode, open_basedir), which had caused warnings or in some cases prevented emails from being sent.

Version 3.4.1 also fixes a few security issues and contains some security hardening. The vulnerabilities included potential information disclosure as well as a bug that affects multisite installs with untrusted users. These issues were discovered and fixed by the WordPress security team.

Download 3.4.1 now or visit Dashboard → Updates in your site admin to update now.

Green was a bit green
We have hardened it up some
Update WordPress now

WordPress 3.4 “Green”

Posted June 13, 2012 by Matt Mullenweg. Filed under Releases.

WordPress 3.4 is here and out the door. We’ve dubbed this release “Green” in honor of guitarist Grant Green whose soulful simplicity has kept many of us company during this release.

This release includes significant improvements to theme customization, custom headers, Twitter embeds, and image captions — here’s a short clip with the highlights:

For Users

The biggest change in 3.4 is the theme customizer which allows you to play around with various looks and settings for your current theme or one you’re thinking about switching to without publishing those changes to the whole world. For themes that support it, you can change colors, backgrounds, and of course custom image headers. We have more planned for the customizer down the road.

Throughout the rest of the admin you’ll notice tweaks to make your everyday life easier. For example, if you have lots of themes we’ve made it quicker to browse them all at once without paging. We’ve made it possible to use images from your media library to populate custom headers, and for you to choose the height and width of your header images.

We’ve expanded our embed support to include tweets: just put a Twitter permalink on its own line in the post editor and we’ll turn it into a beautiful embedded Tweet. And finally, image captions have been improved to allow HTML, like links, in them.

For Developers

There are hundreds of under-the-hood improvements in this release, notably in the XML-RPC, themes, and custom header APIs, and significant performance improvements in WP_Query and the translation system. The Codex has a pretty good summary of the developer features, and you can always dive into Trac directly.

We’ve also put together a busy developer’s field guide to the new APIs in 3.4.

It takes a village

Here are some of the fine folks who were involved in bringing 3.4 to the world:

082net, Aaron D. Campbell, Adam Harley, AJ Acevedo, akshayagarwal, Alex Concha, Alex King, Alex Mills (Viper007Bond), ampt, Amy Hendrix, Andrea Rennick, Andrew Nacin, Andrew Ozz, Andrew Ryno, Andy Skelton, Arie Putranto, Austin Matzko, Barry, BenChapman, Ben Huson, Benjamin J. Balter, Bill Erickson, Billy (bananastalktome), Boone Gorges, camiloclc, casben79, Caspie, ceefour, cheald, chellycat, Chelsea Otakan, Chip Bennett, Chris Olbekson, Coen Jacobs, Cristi Burcă, Cyapow, Dan Collis-Puro, Daniel Bachhuber, Daniel Convissor, Daniel Jalkut (Red Sweater), daniloercoli, Daryl Koopersmith, David Gwyer, deltafactory, demetris, Dion Hulse, dllh, Dominik Schilling, Doug Provencio, Drew Jaynes (DrewAPicture), ebababi, edward-mindreantre, emhr, Empireoflight, Eric Andrew Lewis, Eric Mann, Evan Anderson, Evan Solomon, Fred Wu, Fumito Mizuno, Gary Cao, Gary Jones, Gautam, Gennady Kovshenin, George Mamadashvili, George Stephanis, Gustavo Bordoni, hearvox, Helen Hou-Sandi, Hugo Baeta, Ian Stewart, insertvisionhere, Ipstenu, Jacob Chappell, Jane Wells, Japh, jaquers, JarretC, jeremyclarke, Jeremy Felt, Jesper Johansen (Jayjdk), Jiehan Zheng, Joachim Jensen (Intox Studio), Joachim Kudish (jkudish), John Blackbourn (johnbillion), John Ford, John James Jacoby, Jon Cave, Joost de Valk, Jorge Bernal, Joseph Scott, Justin, Justin Givens, Kailey Lampert (trepmal), Kenan Dervisevic, Konstantin Kovshenin, Konstantin Obenland, Kristopher Lagraff, Kurt Payne, Lance Willett, Lardjo, Lee Willis (leewillis77), linuxologos, Lutz Schroer, Mantas Malcius, Marcus, Mark Jaquith, Marko Heijnen, Mark Rowatt Anderson, Matias Ventura, Matt Martz, mattonomics, Matt Thomas, Matt Wiebe, MattyRob, Max Cutler, Mert Yazicioglu, mgolawala, Michael Adams (mdawaffe), Michael Beckwith, Michael Fields, Mike Schinkel, Mike Schroder, Mike Toppa, Milan Dinic, mitcho (Michael Yoshitaka Erlewine), Mohammad Jangda, mrtorrent, Name.ly, Naoko McCracken, Nashwan Doaqan, Niall Kennedy, Nikolay Yordanov, norocketsurgeon, 
npetetin, Nuno Morgadinho, Olivier Collet, Paul Biron, pavelevap, Pete Mall, Peter Westwood, pishmishy, Prasath Nadarajah, prettyboymp, Ptah Dunbar, pw201, Rami Yushuvaev, Rarst, RENAUT, Reuben Gunday, Roscius, Ross Hanney, russellwwest, Ryan Boren, Ryan Duff, Ryan McCue, Safirul Alredha, Samir Shah, Samuel “Otto” Wood, Seisuke Kuraishi, Sergey Biryukov, Simon Wheatley, sirzooro, sksmatt, Stas Sușkov, Stephane Daury (stephdau), tamlyn, Thomas Griffin, Thorsten Ott, TobiasBg, Tom Auger, Toni Viemero, transom, Ulrich Sossou, Utkarsh Kukreti, Wojtek Szkutnik, wonderslug, Xavier Borderie, Yoav Farhi, Zach “The Z Man” Abernathy, Zack Tollman, Ze Fontainhas, and zx2c4.

See you next time!

WordPress 3.4 Release Candidate 3

Posted June 12, 2012 by Andrew Nacin. Filed under Development, Testing.

The third release candidate for WordPress 3.4 is now available. Since RC2, we’ve fixed a few lingering issues with the new live preview feature, as well as with custom headers and backgrounds.

There are no remaining issues, and we plan to release 3.4 in the coming days. But if you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums, or file a bug report on WordPress Trac.

To test WordPress 3.4, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip). Be sure to visit → About for an updated list of features and under-the-hood changes. As a reminder: We’ve published some resources on the development blog to help plugin and theme developers prepare.

The new live preview
Nearing perfection, and yet?
Not yet. RC3

WordPress 3.4 Release Candidate 2

Posted June 7, 2012 by Andrew Nacin. Filed under Development, Releases, Testing.

The second release candidate for WordPress 3.4 is now available. Since RC1, we’ve made a few dozen final changes.

Our goal is to release WordPress 3.4 early next week, so plugin and theme authors, this is likely your last chance to test your plugins and themes to find any compatibility issues before the final release. We’ve published some resources on the development blog to help you prepare.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable writing a reproducible bug report, file one on WordPress Trac. Known issues that crop up will be listed here, but we’re hoping for a quiet few days so we can get some great features into your hands next week!

To test WordPress 3.4, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip). Be sure to visit → About for an updated list of features and under-the-hood changes.

WordPress 3.4 Release Candidate

Posted May 27, 2012 by Andrew Nacin. Filed under Development, Releases, Testing.

The first release candidate (RC1) for WordPress 3.4 is now available.

An RC comes after the beta period and before final release. We think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. So if you haven’t tested WordPress 3.4 yet, now is the time! Please though, not on your live site unless you’re adventurous.

With more than 500 tickets closed, there are quite a few changes. Plugin and theme authors, please test your plugins and themes now, so that if there is a compatibility issue, we can figure it out before the final release.

If you are testing the release candidate and think you’ve found a bug, please post to the Alpha/Beta area in the support forums. If any known issues crop up, you’ll be able to find them here.

To test WordPress 3.4, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip).

If you’d like to know which levers to pull in your testing, visit the About page ( → About in the toolbar) and check out the list of features! You’ll definitely want to try the live theme previews.

Bonus: Happy birthday WordPress — nine years old today.

Plugin Directory Refreshed

Posted May 19, 2012 by Matt Mullenweg. Filed under Meta.

Been hanging out with a few WordPress.org hackers — Scott, Nacin, and Otto — the last few days in a BBQ-fueled haze of hacking to make the plugin directory better. There are over 19,000 plugins listed and they’re really the heart and soul of WordPress for many people, so they deserve a little tender loving care. Here’s a quick before and after snapshot you can zoom in on to see a visual overview of some of the changes:

Our first focus was around improving the discussion and support around plugins.

You’ll now notice that threads about a plugin are pulled directly into a “support” tab on the plugin page — each plugin has its own forum. We’ve made authors much more prominent and with bigger Gravatars and better placement, so you can get a sense of who made the plugin you’re using. And finally to show how active and well-supported a plugin is, you can see “16 of 75 support threads in the last two weeks have been resolved.” Finally, if you’re logged in you get access to the new “favorites” feature that lets you mark the plugins you use the most so you can share them on your profile page and find them quickly later. We soft-launched favorites a few days ago and there have already been 2,000 saved!

If you’re a plugin author, we’ve started with a short threshold (2 weeks) for the resolved stats so it’s easy to catch up and stay on top of it. (It’ll eventually go to two months.) You also now have the ability to set stickies on your plugin forum to put FAQs or important information at the top, and of course any person you put as a committer on the plugin will have moderation access. People on the forum tag will see your custom header and links to the other resources attached to your plugin.

We’ve tightened up the styling a bit on the forums and plugin pages, though still some cleanups to do there. Some older improvements you might have missed, but are still useful for users and developers alike:

  • “Plugin headers” or those cool graphics you see at the top of plugin pages have really taken off, there are over 1,600 active now.
  • You can now subscribe to get an email whenever a commit is made to a plugin repository even if it isn’t yours. There is no better way to follow the development of your favorite plugins. There’s nothing like the smell of fresh changesets in the morning.
  • Behind the scenes, we’ve dramatically ramped up proactive scanning of the entire repository to help authors fix security and other problems they might not even know about yet. The quality level of the repo has gone way, way up.

All of this will continue to evolve as we get feedback and see usage, but we’re happy to have been able to make some key improvements in just a few days while hanging out in Memphis. (This is why WordCamps usually have BBQ — it imparts magical coding powers.)

Calling All Contributors: Community Summit 2012

Posted May 15, 2012 by Jane Wells. Filed under Community, Events.

Each year, the WordPress core development team meets in person for a week to work together and discuss the vision for WordPress in the coming year. As annual events go, it’s easily my favorite. Don’t get me wrong, I love attending WordCamps and local WordPress meetups (which are awesome and you should try to attend if you are able), but at the core team meetup, the focus on working together and getting things done is unique, as is the experience of every person in the room being so highly qualified. This year, instead of just planning a core team meetup, I’m aiming a little higher and shooting for a full-on contributor/community summit.

Core code isn’t the only way to contribute to the WordPress project. We have an active theme review team, support forum volunteers, people writing documentation, plugin managers, community event organizers, translators, and more. The teams have been siloed for too long, so we’ve recently begun the process of bringing them together by having teams elect representatives to facilitate more communication between the contributor groups. These reps will form the nucleus of the contributor summit now being planned for a long weekend at the end of October in Tybee Island, GA. This is completely different from a WordCamp. It will be a combination of co-working, unconference, and discussions among the project leaders, and participation will be by invitation.

In addition to bringing together the active contributor team reps to work together, I think it’s important to include community members who don’t fall into that category (at least not yet!). Successful WordPress-based businesses, authors of popular plugins and themes, and people using WordPress in unexpected but intriguing ways should have a place at the table, too. That said, part of the magic of the core team meetup is the small size; it allows every voice not only to be heard, but to engage. Since this is my first attempt at bringing together so many groups and points of view, I want to try and keep it small enough to retain that personal atmosphere while at the same time ensuring that the best possible mix of people and businesses in the WordPress ecosystem is represented. This is where you come in!

Taking a cue from events with limited availability like AdaCamp (attendance) and the jQuery conference (speaker roster), I want you to nominate people and/or WordPress-based businesses to participate in the summit. Yes, you can nominate yourself.* You can nominate up to 10 additional people — be prepared to provide URLs and the reason you think they should participate. You can also nominate up to 10 WordPress-based businesses without naming individual people, so if there’s a theme or hosting company (for example) that you think should be there, you don’t need to go looking for employee names. This nomination process will hopefully ensure that we don’t overlook someone who is making a difference in our community when it comes time to issue invitations.

Nominations will be open for a week, after which the survey will be closed and the process of analyzing the results** will begin. The nominations process will lead to invitations in June, confirmations in July, planning in August and September, and the summit itself in October. Hopefully we can stream and/or record some of the activity to share online at WordPress.tv. Additional invitations may be extended up until the event if there are people/businesses that become more active in the community. If you’re thinking to yourself that maybe now’s the perfect time to start contributing time to the WordPress project, good thinking! In the meantime, if you want to weigh in, fill in the community summit nomination form. Thanks, and wish us luck!

* Nominating yourself: Do nominate yourself if you fall into one of the categories described in the post above, or if you believe that you have a unique point of view. Please do not nominate yourself if you just think it would be cool to hang out with this group. This is a working event, and everyone is expected to bring something special to the table.

** I (and/or a helpful community volunteer) will sift through the nominations and compile a shortlist of the most-nominated people/businesses and the most intriguing underdogs. This list will be reviewed by the summit planning committee (made up of team reps) to create the invitation list.

WordPress 3.4 Beta 4

Posted May 3, 2012 by Ryan Boren. Filed under Releases.

Less bugs, more polish, the same beta disclaimers. Download, test, report bugs. Thanks much. /ryan #thewholebrevitything

WordPress 3.3.2 (and WordPress 3.4 Beta 3)

Posted April 20, 2012 by Andrew Nacin. Filed under Development, Releases, Security.

WordPress 3.3.2 is available now and is a security update for all previous versions.

Three external libraries included in WordPress received security updates:

  • Plupload (version 1.5.4), which WordPress uses for uploading media.
  • SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
  • SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.

Thanks to Neal Poole and Nathan Partlan for responsibly disclosing the bugs in Plupload and SWFUpload, and Szymon Gruszecki for a separate bug in SWFUpload.

WordPress 3.3.2 also addresses:

  • Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances, disclosed by Jon Cave of our WordPress core security team, and Adam Backstrom.
  • Cross-site scripting vulnerability when making URLs clickable, by Jon Cave.
  • Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs. Thanks to Mauro Gentile for responsibly disclosing these issues to the security team.

These issues were fixed by the WordPress core security team. Five other bugs were also fixed in version 3.3.2. Consult the change log for more details.

Download WordPress 3.3.2 or update now from the Dashboard → Updates menu in your site’s admin area.


WordPress 3.4 Beta 3 also available

Our development of WordPress 3.4 continues. Today we are proud to release Beta 3 for testing. Nearly 90 changes have been made since Beta 2, released 9 days ago. (We are aiming for a beta every week.)

This is still beta software, so we don’t recommend that you use it on production sites. But if you’re a plugin developer, a theme developer, or a site administrator, you should be running this on your test environments and reporting any bugs you find. (See the known issues here.) If you’re a WordPress user who wants to open your presents early, take advantage of WordPress’s famous 5-minute install and spin up a secondary test site. Let us know what you think!

Version 3.4 Beta 3 includes all of the fixes included in version 3.3.2. Download WordPress 3.4 Beta 3 or use the WordPress Beta Tester plugin.

WordPress 3.4 Beta 2

Posted April 12, 2012 by Jane Wells. Filed under Releases.

Howdy, folks! Another week, another beta. Since we released Beta 1 last week, we’ve committed more than 60 bug fixes and feature adjustments based on testing and feedback. If you’ve been testing Beta 1, please update to Beta 2 to make sure things are still working for you. If you are a theme or plugin author and have not yet started testing your code against the 3.4 beta, now’s the perfect time to start. And as always, if you find any bugs, let us know! Full details on testing and bug reporting can be found in last week’s Beta 1 post.

Download WordPress 3.4 Beta 2
