WordPress Official Website: http://wordpress.org/
WordPress 3.0.5 is now available and is a security hardening update for all previous WordPress versions.
This security release is required if you have any untrusted user accounts, but it also comes with important security enhancements and hardening. All WordPress users are strongly encouraged to update.
Three point oh point five
Three point one comes soon
The release addresses a number of issues and provides two additional enhancements:
Two moderate security issues were fixed that could have allowed a Contributor- or Author-level user to gain further access to the site.
One information disclosure issue was addressed that could have allowed an Author-level user to view contents of posts they should not be able to see, such as draft or private posts.
Two security enhancements were added. One improved the security of any plugins which were not properly leveraging our security API. The other offers additional defense in depth against a vulnerability that was fixed in previous release.
Thanks to Nils Jueneman and Saddy for their private and responsible disclosures to firstname.lastname@example.org for two of the issues. The others were reported or repaired by our security team.
Official Download Links:
Stable: WordPress 3.0.5
Released On: February 7, 2011
Size: 3.0 MB
Unstable: WordPress 3.1 RC4
* Fix XSS bug: Properly encode title used in Quick/Bulk Edit, and offer additional sanitization to various fields. Affects users of the Author or Contributor role. (r17397, r17406, r17412)
* Fix XSS bug: Preserve tag escaping in the tags meta box. Affects users of the Author or Contributor role. (r17401)
* Fix potential information disclosure of posts through the media uploader. Affects users of the Author role. (r17393)
* Enhancement: Force HTML filtering on comment text in the admin (r17400)
* Enhancement: Harden check_admin_referer() when called without arguments, which plugins should avoid. (r17387)
* Update the license to GPLv2 (or later) and update copyright information for the KSES library.
WordPress is web software you can use to create a beautiful website or blog. We like to say that WordPress is both free and priceless at the same time.
The core software is built by hundreds of community volunteers, and when you’re ready for more there are thousands of plugins and themes available to transform your site into almost anything you can imagine. Over 25 million people have chosen WordPress to power the place on the web they call “home” — we’d love you to join the family.
WordPress 3.1 RC4
The Release Candidate 4 build includes the security fixes and enhancements included in 3.0.5 and addresses about two dozen additional bugs. This includes fixes for:
* Deleting a user and reassigning their posts to another user.
* Marking multiple users or sites as spam in multisite.
* PHP4 compatibility.
As outlined in previous RC posts, if you are testing the release candidate and think you’ve found a bug, there are a few ways to let us know:
* Post it to the Alpha/Beta area in the support forums
* Report it to the wp-testers mailing list
* Join the development IRC channel and tell us live at irc.freenode.net #wordpress-dev
* File a bug ticket on the WordPress Trac
To test WordPress 3.1, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip). If any new issues become known, you’ll be able to find them here.
After nearly five months of development and testing, we think we’re very close to a final release. Users and developers, please test your themes and plugins.
WordPress for iPhone/iPad v2.6
Attention Apple-gadget-owning WordPress users! Have you been using the WordPress iOS app for iPhone and iPad? Or maybe you tried it a while back and thought it wasn’t for you? Either way, the new release — v2.6 — will knock your socks off. Why? A bunch of reasons:
■Video. Record, upload, attach, and play videos within the app. Yay for being able to catch your friends’ and co-workers’ most embarrassing shenanigans creative moments with iPhone video and publish them immediately for all the world to see on your WordPress site.
■A total rewrite of the way local drafts are handled, to prevent the unintentional loss of your pending posts.
■Autosave/post revisions. Bam! One of the “oh, thank goodness” features of the web app makes it into the iOS version.
■Easier setup. Faster and easier process for adding your sites to the app.
■Media Library. We’re gradually getting closer to the media management you’re used to in the web app.
There are also numerous bugfixes and performance enhancements in this release, so if you haven’t been using the app lately, you should consider giving it another try. I’m personally pretty excited to start using the iPhone version more often now that there are all these fixes and new features. Especially the video upload. You know, for those creative moments that make life fun.
You can read the full 2.6 release post on the WordPress for iOS blog, and can download v2.6 from iTunes/the app store. Happy mobile blogging!
* * *
Not an iPhone user? We’ve still got your on-the-go back! Check out the WordPress apps for Android, Blackberry, and Nokia (beta). They’re all 100% GPL, of course, and we’re always looking for contributors to the development projects, so check the blogs if you have mobile dev skills and want to get involved.