A stitch in time saves nine. I couldn’t sew my way out of a bag, but it’s true advice for bloggers as well — a little bit of work on an upgrade now saves a lot of work fixing something ...Read More
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in ...Read More
Every now and then I see someone ask in the dev channel how they can meet up with other local WordPress developers. We’re thinking about ways to make WordPress.org more of a resource to facilitate local connections, but in the ...Read More
Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. Several folks in the community dug deeper and discovered areas that were overlooked. With their help, the remaining issues ...Read More
Earlier this month, over 3500 of you responded to our survey asking you to help us prioritize some of the media features that had been suggested for the 2.9 release. While the exact features for 2.9 have not been hammered ...Read More
The WordPress team had initially committed to maintaining the WordPress 2.0.x legacy branch until 2010. Unfortunately, we bit off more than we could chew—the 2.0.x branch is now retired and deprecated, a few months shy of 2010.
Many of the security ...Read More
We’ve recently made some changes to help improve the communication between plugin authors and plugin users about the changes that are made between versions.
We feel that all software should have a changelog that details, at a high level, what changes ...Read More
WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site. Download 2.8.2 or automatically upgrade from the Tools->Upgrade ...Read More
WordPress 2.8.1 fixes many bugs and tightens security for plugin administration pages. Core Security Technologies notified us that admin pages added by certain plugins could be viewed by unprivileged users, resulting in information being leaked. Not all ...Read More
2.8.1 is nigh. Release Candidate 1 is our last stop before the final release. Please download RC1, review the changes made since beta 2, and have a look at all of the tickets fixed in 2.8.1. Thanks for testing WordPress.
Read More