Changelog:
4.5.1:
Summary
From the announcement post, WordPress Version 4.5.1 fixes 12 bugs, chief among them a singular class issue that broke sites based on the Twenty Eleven theme, an incompatibility between certain Chrome versions and the visual editor, and an Imagick bug that could break media uploads.
This maintenance release fixes a total of 12 bugs in Version 4.5 including:
Build/Test Tools
#36498 Shrinkwrap npm dependencies for 4.5
Bundled Theme
#36510 Twenty eleven page templates with widgets incorrectly styled
Customize
#36457 Customizer Device Preview: Use px units for tablet preview size
Database
#36629 Database connect functions can cause un-catchable warnings
Editor
#36458 Fix support for Safari + VoiceOver when editing inline links
Emoji
#36604 Emoji skin tone support test incorrectly passing in Chrome
Feeds
#36620 Feeds using an rss-http content type are now served as application/octet-stream
Media
#36501 Fatal error: Undefined class constant 'ALPHACHANNEL_UNDEFINED'
#36578 wp_ajax_send_attachment_to_editor() bug
#36621 Don’t cache the results of wp_mkdir_p() in a persistent cache
Rewrite Rules
#36506 Duplicate directives in web.config after WordPress 4.5 installation on Windows
TinyMCE
#36545 WordPress TinyMCE toolbar/tabs unresponsive in Chrome Version 50.0.2661.75 beta-m (64-bit)
Changelog:
On December 8, 2015, WordPress Version 4.4, named for jazz musician Clifford Brown, was released to the public. For more information on this enhancement and bug-fix release, read the WordPress Blog, and see the Changelog for 4.4.
For Version 4.4, the database version (db_version in wp_options) changed to 35700, and the Trac revision was 35842.
Highlights
twenty-sixteen-white-desktop-1x.png
New Default Theme - Twenty Sixteen
Modern take on the classic blog design
Flexible header and fun color schemes will make your content shine
Mobile-first and responsive
The Finer Points
responsive-devices-desktop-1x.png
Responsive images:
WordPress now takes a smarter approach to displaying appropriate image sizes on any device, ensuring a perfect fit every time. You don’t need to do anything to your theme, it just works.
wp embed preview.png
Embed your WordPress content:
Now you can embed your posts on other sites, even other WordPress sites. Simply drop a post URL into the editor and see an instant embed preview, complete with the title, excerpt, and featured image if you’ve set one. We’ll even include your site icon and links for comments and sharing.
reverbnation embed.png
Even more embed providers:
In addition to post embeds, WordPress 4.4 also adds support for five new oEmbed providers: Cloudup, Reddit Comments, ReverbNation, Speaker Deck, and VideoPress.
For Developers
REST API infrastructure: Infrastructure for the REST API has been integrated into core, the first part of a multi-stage rollout. Inclusion of core endpoints is targeted for an upcoming release. To get a sneak peek of the core endpoints, and for more information on extending the REST API, check out the official WordPress REST API plugin.
Term meta: Terms now support metadata, just like posts. See add_term_meta(), get_term_meta(), and update_term_meta() for more information.
Comment query improvements: Comment queries now have cache handling to improve performance. New arguments in WP_Comment_Query make crafting robust comment queries simpler.
Term, comment, and network objects: New WP_Term, WP_Comment, and WP_Network objects make interacting with terms, comments, and networks more predictable and intuitive in code.
What's New
General
Developer reference - Improvements to inline code documentation.
i18n support - Improvements to translation strings all over the core.
Admin page headings were adjusted from H3 to H2 tags to reinforce page hierarchy
Improvements to how list tables are displayed on all size screens
Posts
The post/page permalink UI was simplified, linking the permalink and removing the "View" button
Media
Comments
The "View Comment" link was relocated from the Status meta box in the comment-editing screen
Many comment functions can now accept a full object instead of 'comment_ID' to reduce cache/db lookups
Orphaned comments now fall back to the 'edit_posts' capability
Appearance
Site icons will now fall back to the 'full' size URL when the 'thumbnail' size doesn't exist
Users
Install Process
Multisite
The language chooser was added to the new site form on wp-signup.php
Sites may no longer be created with the following reserved slugs: wp-admin, wp-content, wp-includes, or wp-json
Accessibility
Under The Hood
General
Unclosed HTML elements in shortcode attributes were disallowed
HTML was removed from all translatable text strings
Rewrite rules are now flushed on theme switch
Most core classes were moved to their own files
Embeds
Add oEmbed support for Cloudup.
Add oEmbed support for Reddit Comments.
Add oEmbed support for ReverbNation.
Add oEmbed support for Speaker Deck.
Add oEmbed support for VideoPress.
Remove oEmbed support for Blip.
JavaScript
Customizer: Ensure persistence of unchanged active state for controls, sections, and panels
Customizer: Fixed logic for determining the container element when focusing on a panel, section, or control
Customizer: Fixed clearing of a color control's setting by using proper empty value
Bug Fixes
Fail gracefully when checking mapped capabilities against unregistered post types
Visibility was restored for the Tags auto-suggest tooltip in Quick Edit
The $public_only parameter was added to count_user_posts()
Cron: Events are now rejected when the provided $timestamp value is not a valid timestamp
Users with no role are now redirected to the home page on login instead of their profile-editing screen
Multisite
A network can now be retrieved by its ID through WP_Network::get_instance()
A network can now be created or completed by passing arguments to WP_Network
Network-level capabilities were clarified and some long-time bugs were fixed
Classes
What's New
WP_Comment
WP_Comment_Query->$found_comments
WP_Comment_Query->$max_num_pages
WP_Comment_Query->$meta_query_clauses
WP_Comment_Query->$sql_clauses
WP_Comment_Query::fill_descendants()
WP_Comment_Query::get_comment_ids()
WP_Customize_Manager->$autofocus
WP_Customize_Manager->$preview_url
WP_Customize_Manager->$return_url
WP_Customize_Manager::customize_pane_settings()
WP_Customize_Manager::get_autofocus()
WP_Customize_Manager::get_document_title_template()
WP_Customize_Manager::get_preview_url()
WP_Customize_Manager::get_return_url()
WP_Customize_Manager::is_ios()
WP_Customize_Manager::set_autofocus()
WP_Customize_Manager::set_preview_url()
WP_Customize_Manager::set_return_url()
WP_Customize_Setting->$is_multidimensional_aggregated
WP_Customize_Setting->$is_previewed
WP_Customize_Setting::$aggregated_multidimensionals
WP_Customize_Setting::_multidimensional_preview_filter()
WP_Customize_Setting::aggregate_multidimensional()
get_root_value/ WP_Customize_Setting::get_root_value()
id_data/ WP_Customize_Setting::id_data()
set_root_value/ WP_Customize_Setting::set_root_value()
WP_Customize_Widgets::get_widget_control_parts()
WP_Customize_Widgets::is_panel_active()
WP_Filesystem_SSH2::sftp_path()
WP_HTTP_Response
WP_List_Table::get_primary_column()
WP_Locale->$start_of_week
WP_MS_Sites_List_Table::column_id()
WP_MS_Users_List_Table::column_id()
WP_Media_List_Table->$comment_pending_count
WP_Network
WP_Posts_List_Table::get_edit_link()
WP_Query->$is_embed
WP_Query->$updated_comment_meta_cache
WP_Query->$updated_term_meta_cache
WP_Query::is_embed()
WP_Query::lazyload_comment_meta()
WP_Query::lazyload_term_meta()
WP_REST_Request
WP_REST_Response
WP_REST_Server
WP_Screen->$_screen_reader_content
WP_Screen::get_screen_reader_content()
WP_Screen::get_screen_reader_text()
WP_Screen::remove_screen_reader_content()
WP_Screen::render_list_table_columns_preferences()
WP_Screen::render_meta_boxes_preferences()
WP_Screen::render_screen_reader_content()
WP_Screeb::render_view_mode()
WP_Screen::set_screen_reader_content()
WP_Term
>$update WP_Theme
WP_User::__unset()
>$request WP_User_Query
WP_User_Query::fill_query_vars()
WP_Users_List_Table::get_role_list()
WP_Widget_Calendar::$instance
WP_Widget_Tag_Cloud::_get_current_taxonomy()
WP_oEmbed_Controller
wpdb->$termmeta
Deprecated
Functions
What's New
_prime_comment_caches()
add_network_option()
add_term_meta()
delete_network_option()
delete_term_meta()
enqueue_embed_scripts()
get_header_image_tag()
get_html_split_regex()
get_network_option()
get_oembed_endpoint_url()
get_oembed_response_data()
get_oembed_response_data_rich()
get_password_reset_key()
get_post_embed_html()
get_post_embed_url()
get_preview_post_link()
get_rest_url()
get_shortcode_atts_regex()
get_subdirectory_reserved_names()
get_term_meta()
get_the_author_posts_link()
get_the_comments_navigation()
get_the_comments_pagination()
get_the_post_thumbnail_url()
is_embed()
is_post_type_viewable()
is_registered_sidebar()
map_deep()
print_embed_comments_button()
print_embed_scripts()
print_embed_sharing_button()
print_embed_sharing_dialog()
print_embed_styles()
register_rest_route()
rest_api_default_filters()
rest_api_init()
rest_api_loaded()
rest_api_register_rewrites()
rest_cookie_check_errors()
rest_cookie_collect_status()
rest_do_request()
rest_ensure_request()
rest_ensure_response()
rest_get_date_with_gmt()
rest_get_url_prefix()
rest_handle_deprecated_argument()
rest_handle_deprecated_function()
rest_handle_options_request()
rest_output_link_header()
rest_output_link_wp_head()
rest_output_rsd()
rest_parse_date()
rest_send_allow_header()
rest_send_cors_headers()
rest_url()
signup_get_available_languages()
strip_fragment_from_url()
stripslashes_from_strings_only()
the_comments_navigation()
the_comments_pagination()
the_excerpt_embed()
the_header_image_tag()
the_post_thumbnail_url()
update_network_option()
update_term_meta()
update_termmeta_cache()
urldecode_deep()
wp_ajax_delete_inactive_widgets()
wp_ajax_generate_password()
wp_ajax_save_wporg_username()
wp_calculate_image_sizes()
wp_calculate_image_srcset()
wp_embed_excerpt_attachment()
wp_embed_excerpt_attachment()
wp_filter_oembed_result()
wp_get_attachment_image_sizes()
wp_get_attachment_image_srcset()
wp_get_attachment_image_url()
wp_get_document_title()
wp_get_server_protocol()
wp_get_users_with_no_role()
wp_handle_comment_submission()
wp_image_add_srcset_and_sizes()
wp_installing()
wp_is_numeric_array()
wp_make_content_images_responsive()
wp_maybe_decline_date()
wp_new_comment_notify_moderator()
wp_new_comment_notify_postauthor()
wp_oembed_add_discovery_links()
wp_oembed_add_host_js()
wp_oembed_ensure_format()
wp_oembed_register_route()
wp_parse_url()
wp_remote_retrieve_cookie()
wp_remote_retrieve_cookie_value()
wp_remote_retrieve_cookies()
wp_removable_query_args()
wp_rest_server_class()
wp_send_new_user_notifications()
wp_term_is_shared()
Deprecated
wp_get_http()
Actions & Filters
New Actions
after_password_reset
after_signup_site
after_signup_user
attachment_updated
before_signup_header
clean_user_cache
customize_post_value_set
customize_post_value_set_{$setting_id}
delete_plugin
delete_widget
deleted_plugin
edit_user_created_user
embed_content
embed_content_meta
embed_footer
embed_head
enqueue_embed_scripts
invite_user
manage_posts_extra_tablenav
ms_network_not_found
network_site_new_created_user
network_site_users_created_user
network_user_new_created_user
page_attributes_meta_box_template
post_submitbox_minor_actions
pre_auto_update
register_new_user
rest_api_init
wp_add_nav_menu_item
wp_mail_failed
wp_verify_nonce_failed
New Filters
admin_post_thumbnail_size
comment_excerpt_length
comment_form_fields
content_pagination
customize_loaded_components
dashboard_recent_drafts_query_args
dashboard_secondary_items
default_hidden_columns
document_title_parts
document_title_separator
duplicate_comment_id
embed_html
embed_oembed_discover
embed_site_title_html
embed_template
embed_thumbnail_image_shape
embed_thumbnail_image_size
enclosure_links
expiration_of_site_transient_{$transient}
expiration_of_transient_{$transient}
export_wp_filename
feed_links_show_comments_feed
feed_links_show_posts_feed
found_comments_query
get_header_image_tag
get_page_of_comment
get_page_uri
get_post_status
get_role_list
get_sample_permalink
get_terms_defaults
get_{$adjacent}_post_excluded_terms
hidden_columns
illegal_user_logins
image_get_intermediate_size
insert_user_meta
max_srcset_image_width
mejs_settings
nav_menu_item_args
nav_menu_item_title
navigation_markup_template
network_admin_plugin_action_links
network_admin_plugin_action_links_{$plugin_file}
notify_moderator
notify_post_author
oembed_discovery_links
oembed_endpoint_url
oembed_min_max_width
oembed_response_data
old_slug_redirect_url
plugin_action_links
plugin_action_links_{$plugin_file}
post_edit_category_parent_dropdown_args
post_embed_url
postmeta_form_keys
pre_delete_post
pre_get_document_title
pre_get_lastpostmodified
register_post_type_args
register_taxonomy_args
respond_link
rest_url
rest_url_prefix
screen_options_show_submit
show_network_active_plugins
signup_get_available_languages
subdirectory_reserved_names
submenu_file
taxonomy_labels_{$taxonomy}
the_category_list
the_excerpt_embed
update_right_now_text
user_profile_picture_description
users_list_table_query_args
view_mode_post_types
wp_calculate_image_sizes
wp_calculate_image_srcset
wp_dropdown_users_args
wp_http_ixr_client_headers
wp_post_revision_title_expanded
wp_prepare_revision_for_js
wp_theme_editor_filetypes
xmlrpc_chunk_parsing_size
Changelog:
WordPress 4.3.1 Security and Maintenance Release Posted
September 15, 2015 by Samuel Sidler. Filed under Releases, Security.
WordPress 4.3.1 is now available. This is a security release for
all previous versions and we strongly encourage you to update your
sites immediately.
This release addresses three issues, including two cross-site
scripting vulnerabilities and a potential privilege escalation.
WordPress versions 4.3 and earlier are vulnerable to a cross-site
scripting vulnerability when processing shortcode tags
(CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of
Check Point. A separate cross-site scripting vulnerability
was found in the user list table. Reported by Ben Bidner of
the WordPress security team. Finally, in certain cases, users
without proper permissions could publish private posts and make
them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel
Rubin of Check Point.
Our thanks to those who have practiced responsible disclosure of
security issues.
WordPress 4.3.1 also fixes twenty-six bugs. For more information,
see the release notes or consult the list of changes.
Download WordPress 4.3.1 or venture over to Dashboard â Updates
and simply click âUpdate Now.â Sites that support automatic background
updates are already beginning to update to WordPress 4.3.1.
Thanks to everyone who contributed to 4.3.1:
Adam Silverstein, Andrea Fercia, Andrew Ozz, Boone Gorges, Brandon
Kraft, chriscct7, Daisuke Takahashi, Dion Hulse, Dominik Schilling,
Drew Jaynes, dustinbolton, Gary Pendergast, hauvong, James Huff,
Jeremy Felt, jobst, Marin Atanasov, Nick Halsey, nikeo, Nikolay
Bachiyski, Pascal Birchler, Paul Ryan, Peter Wilson, Robert Chapin,
Samuel Wood, Scott Taylor, Sergey Biryukov, tmatsuur, Tracy Levesque,
Umesh Nevase, vortfu, welcher, Weston Ruter
Changelog:
Highlights
The Finer Points
Resetting Your Password received attention and 4.3 improves the way that passwords are chosen and changed. You start out with a strong password by default and you are given the option to keep it or choose your own. A password strength meter is available as well as the option to hide your password from prying eyes. You will find the new password interface on the password reset screen and the WordPress install screen. WordPress will no longer send passwords via email and the password reset links will expire in 24 hours. Finally, e-mail notifications will be sent out in the event that an e-mail or password is changed.
Site owners can now manage their site’s favicon on desktop and mobile. Site Icons work out of the box, are theme independent, and do not require theme support.
Multisite Focused Changes
The main change to the Editor is that the content for both Visual and Text editors is prepared/escaped the same (we run the textarea content through the JavaScript wpautop() before initializing TinyMCE).
Comments are now turned off on pages and custom post types by default.
For Developers
Fast previewing changes to Menus in the Customizer
A new theme template has been added to the Template Hierarchy. The singular.php template follows the rules of is_singular and is used for a single post, regardless of post type. It comes in the hierarchy after single.php, page.php, and the variations of each. Themes that used the same code for both of those files (or included one in the other) can now simplify down to the one template.
Changes to Customizer Panels and Sections
New Customizer Media Controls
The Site Icon API is fairly straightforward.
PHP7 is slated for release later this year. One of the changes is that PHP4 style constructors are deprecated. In order to prepare WordPress to support PHP7, these constructors have been deprecated in WordPress core.
Old Distraction Free Writing code has been removed (the code has not been used in the core since 4.1). Plugin authors have had two releases to update their code. If it is essential to your plugin, the files in 4.2 can still be reused and improved.
What's New
General
Posts
Formatting Shortcuts while using visual editor.
Use * or - to start an unordered list.
Use 1. or 1) to start an ordered list.
Use ## for H2 and ### for H3 (etc, through H6).
Use > to transform text into blockquote.
Media
Comments
All new pages that you create will have comments turned off by default.
Appearance
Menus can now be managed with the Customizer, which allows you to see "live" preview changes without changing your site for visitors until you are ready.
Customizer improvements including enhanced accessibility, smoother menu creation and location assignment, and the ability to handle nameless menus.
Take control of another piece of your site with the Site Icon feature. You can now manage your site’s favicon and app icon from the Admin area.
Customize link added in the toolbar to swiftly make changes to your site.
Users
Better Passwords. Password field will be automatically filled with a strong password, while adding new users and resetting the password.
Install Process
Multisite
Accessibility
Under The Hood
General
JavaScript
Bug Fixes
A total of 180 bugs reported against previous versions of WordPress were fixed.
Multisite
Classes
What's New
Customizer API
Introduce WP_Customize_Cropped_Image_Control
Introduce WP_Customize_Manager->$registered_panel_types
Introduce WP_Customize_Manager->$registered_section_types
Introduce WP_Customize_Manager::register_panel_type()
Introduce WP_Customize_Manager::render_panel_templates()
Introduce WP_Customize_Manager::register_section_type()
Introduce WP_Customize_Manager::render_section_templates()
Introduce WP_Customize_Nav_Menu_Auto_Add_Control
Introduce WP_Customize_Nav_Menu_Control
Introduce WP_Customize_Nav_Menu_Item_Control
Introduce WP_Customize_Nav_Menu_Item_Setting
Introduce WP_Customize_Nav_Menu_Location_Control
Introduce WP_Customize_Nav_Menu_Section
Introduce WP_Customize_Nav_Menu_Setting
Introduce WP_Customize_Nav_Menus
Introduce WP_Customize_Nav_Menus_Panel
Introduce WP_Customize_New_Menu_Control
Introduce WP_Customize_New_Menu_Section
Introduce WP_Customize_Panel::print_template()
Introduce WP_Customize_Panel::render_template()
Introduce WP_Customize_Panel::content_template()
Introduce WP_Customize_Section::print_template()
Introduce WP_Customize_Section::render_template()
Introduce WP_Customize_Site_Icon_Control
List Tables
Introduce WP_Links_List_Table::get_default_primary_column_name()
Introduce WP_Links_List_Table::column_cb()
Introduce WP_Links_List_Table::column_name()
Introduce WP_Links_List_Table::column_url()
Introduce WP_Links_List_Table::column_categories()
Introduce WP_Links_List_Table::column_rel()
Introduce WP_Links_List_Table::column_visible()
Introduce WP_Links_List_Table::column_rating()
Introduce WP_Links_List_Table::column_default()
Introduce WP_Links_List_Table::handle_row_actions()
Introduce WP_List_Table::get_default_primary_column_name()
Introduce WP_List_Table::get_primary_column_name()
Introduce WP_List_Table::handle_row_actions()
Introduce WP_Media_List_Table::column_cb()
Introduce WP_Media_List_Table::column_title()
Introduce WP_Media_List_Table::column_author()
Introduce WP_Media_List_Table::column_desc()
Introduce WP_Media_List_Table::column_date()
Introduce WP_Media_List_Table::column_parent()
Introduce WP_Media_List_Table::column_comments()
Introduce WP_Media_List_Table::column_default()
Introduce WP_Media_List_Table::get_default_primary_column_name()
Introduce WP_Media_List_Table::handle_row_actions()
Introduce WP_MS_Sites_List_Table->$status_list
Introduce WP_MS_Sites_List_Table::column_cb()
Introduce WP_MS_Sites_List_Table::column_blogname()
Introduce WP_MS_Sites_List_Table::column_lastupdated()
Introduce WP_MS_Sites_List_Table::column_registered()
Introduce WP_MS_Sites_List_Table::column_users()
Introduce WP_MS_Sites_List_Table::column_plugins()
Introduce WP_MS_Sites_List_Table::column_default()
Introduce WP_MS_Sites_List_Table::get_default_primary_column_name()
Introduce WP_MS_Sites_List_Table::handle_row_actions()
Introduce WP_MS_Themes_List_Table::get_primary_column_name()
Introduce WP_MS_Themes_List_Table::column_cb()
Introduce WP_MS_Themes_List_Table::column_name()
Introduce WP_MS_Themes_List_Table::column_description()
Introduce WP_MS_Themes_List_Table::column_default()
Introduce WP_MS_Themes_List_Table::single_row_columns()
Introduce WP_MS_Users_List_Table::column_cb()
Introduce WP_MS_Users_List_Table::column_username()
Introduce WP_MS_Users_List_Table::column_name()
Introduce WP_MS_Users_List_Table::column_email()
Introduce WP_MS_Users_List_Table::column_registered()
Introduce WP_MS_Users_List_Table::_column_blogs()
Introduce WP_MS_Users_List_Table::column_blogs()
Introduce WP_MS_Users_List_Table::column_default()
Introduce WP_MS_Users_List_Table::get_default_primary_column_name()
Introduce WP_MS_Users_List_Table::handle_row_actions()
Introduce WP_Plugins_List_Table::get_primary_column_name()
Introduce WP_Posts_List_Table->$current_level
Introduce WP_Posts_List_Table::column_cb()
Introduce WP_Posts_List_Table::_column_title()
Introduce WP_Posts_List_Table::column_title()
Introduce WP_Posts_List_Table::column_date()
Introduce WP_Posts_List_Table::column_comments()
Introduce WP_Posts_List_Table::column_author()
Introduce WP_Posts_List_Table::column_default()
Introduce WP_Posts_List_Table::get_default_primary_column_name()
Introduce WP_Posts_List_Table::handle_row_actions()
Introduce WP_Terms_List_Table::get_default_primary_column_name()
Introduce WP_Terms_List_Table::handle_row_actions()
Introduce WP_Users_List_Table::get_default_primary_column_name()
Miscellaneous
Introduce WP_Comments_List_Table::get_default_primary_column_name()
Introduce WP_Comments_List_Table::handle_row_actions()
Introduce WP_Meta_Query->$has_or_relation
Introduce WP_Meta_Query::has_or_relation()
Introduce WP_Site_Icon
Introduce WP_Upgrader::clear_destination()
Introduce WP_User::__call()
Deprecated
Functions
What's New
Introduce wp_ajax_crop_image()
Introduce split_all_shared_terms()
Introduce wp_should_upgrade_global_tables()
Introduce wp_admin_bar_customize_menu()
Introduce wp_roles()
Introduce get_default_comment_status()
Introduce atom_site_icon()
Introduce rss2_site_icon()
Introduce wptexturize_primes()
Introduce convert_invalid_entities()
Introduce format_for_editor()
Introduce _deprecated_constructor()
Introduce get_main_network_id()
Introduce wp_post_preview_js()
Introduce wp_site_icon()
Introduce get_language_attributes()
Introduce wp_resolve_numeric_slug_conflicts()
Introduce get_singular_template()
Deprecated
Actions & Filters
New Actions
Introduce wp_ajax_crop_image_pre_save
Introduce add_user_role
Introduce remove_user_role
Introduce deprecated_constructor_run
New Filters
Introduce edit_comment_misc_actions
Introduce wp_ajax_cropped_attachment_metadata
Introduce wp_ajax_cropped_attachment_id
Introduce list_table_primary_column
Introduce upgrader_package_options
Introduce nav_menu_items_{$post_type_name}_recent
Introduce get_the_author_{$field}
Introduce wp_generate_tag_cloud_data
Introduce style_loader_tag
Introduce get_default_comment_status
Introduce format_for_editor
Introduce deprecated_constructor_trigger_error
Introduce get_main_network_id
Introduce site_icon_meta_tags
Introduce wp_get_attachment_image_src
Introduce wp_get_nav_menu_object
Introduce has_nav_menu
Introduce wp_safe_redirect_fallback
Introduce wp_unique_term_slug_is_bad_slug
Introduce wp_unique_term_slug
Introduce editor_stylesheets
Introduce send_password_change_email
Introduce send_email_change_email
Introduce password_change_email
Introduce email_change_email
Introduce password_reset_expiration
Changelog:
WordPress 4.2.2 Security and Maintenance Release
Posted May 7, 2015 by Samuel Sidler. Filed under Releases, Security.
WordPress 4.2.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
Version 4.2.2 addresses two security issues:
The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins hosted on WordPress.org (including the Twenty Fifteen default theme) have been updated today by the WordPress security team to address this issue by removing this nonessential file. To help protect other Genericons usage, WordPress 4.2.2 proactively scans the wp-content directory for this HTML file and removes it. Reported by Robert Abela of Netsparker.
WordPress versions 4.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. WordPress 4.2.2 includes a comprehensive fix for this issue. Reported separately by Rice Adu and Tong Shi.
The release also includes hardening for a potential cross-site scripting vulnerability when using the visual editor. This issue was reported by Mahadev Subedi.
Our thanks to those who have practiced responsible disclosure of security issues.
WordPress 4.2.2 also contains fixes for 13 bugs from 4.2. For more information, see the release notes or consult the list of changes.
Download WordPress 4.2.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.2.
Thanks to everyone who contributed to 4.2.2:
Aaron Jorbin, Andrew Ozz, Andrew Nacin, Boone Gorges, Dion Hulse, Ella Iseulde Van Dorpe, Gary Pendergast, Hinaloe, Jeremy Felt, John James Jacoby, Konstantin Kovshenin, Mike Adams, Nikolay Bachiyski, taka2, and willstedt.
rdPress.org
Showcase
Themes
Plugins
Mobile
Support
Get Involved
About
Blog
Hosting
Download WordPress
WordPress 4.2.2 Security and Maintenance Release
Posted May 7, 2015 by Samuel Sidler. Filed under Releases, Security.
WordPress 4.2.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
Version 4.2.2 addresses two security issues:
The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins hosted on WordPress.org (including the Twenty Fifteen default theme) have been updated today by the WordPress security team to address this issue by removing this nonessential file. To help protect other Genericons usage, WordPress 4.2.2 proactively scans the wp-content directory for this HTML file and removes it. Reported by Robert Abela of Netsparker.
WordPress versions 4.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. WordPress 4.2.2 includes a comprehensive fix for this issue. Reported separately by Rice Adu and Tong Shi.
The release also includes hardening for a potential cross-site scripting vulnerability when using the visual editor. This issue was reported by Mahadev Subedi.
Our thanks to those who have practiced responsible disclosure of security issues.
WordPress 4.2.2 also contains fixes for 13 bugs from 4.2. For more information, see the release notes or consult the list of changes.
Download WordPress 4.2.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.2.
Thanks to everyone who contributed to 4.2.2:
Aaron Jorbin, Andrew Ozz, Andrew Nacin, Boone Gorges, Dion Hulse, Ella Iseulde Van Dorpe, Gary Pendergast, Hinaloe, Jeremy Felt, John James Jacoby, Konstantin Kovshenin, Mike Adams, Nikolay Bachiyski, taka2, and willstedt.
Share this:
WordPress 4.2.1 Security Release
Posted April 27, 2015 by Gary Pendergast. Filed under Releases, Security.
WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen.
WordPress 4.2.1 has begun to roll out as an automatic background update, for sites that support those.
For more information, see the release notes or consult the list of changes.
Download WordPress 4.2.1 or venture over to Dashboard → Updates and simply click “Update Now”.
WordPress 4.2
An easier way to share content
Extended character support
Switch themes in the Customizer
Even more embeds
Streamlined plugin updates
Under the Hood
utf8mb4 support
Database character encoding has changed from utf8 to utf8mb4, which adds support for a whole range of new 4-byte characters.
JavaScript accessibility
You can now send audible notifications to screen readers in JavaScript with wp.a11y.speak(). Pass it a string, and an update will be sent to a dedicated ARIA live notifications area.
Shared term splitting
Terms shared across multiple taxonomies will be split when one of them is updated. Find out more in the Plugin Developer Handbook.
Complex query ordering
WP_Query, WP_Comment_Query, and WP_User_Query now support complex ordering with named meta query clauses.
Changelog:
Version 4.1 of WordPress, named "Dinah" in honor of jazz singer
Dinah Washington, is available for download or update in your
WordPress dashboard. New features in WordPress 4.1 help you focus
on your writing, and the new default theme lets you show it off in
style.
# Introducing Twenty Fifteen
Our newest default theme, Twenty Fifteen, is a blog-focused theme
designed for clarity.
Twenty Fifteen has flawless language support, with help from Google's
Noto font family.
The straightforward typography is readable on any screen size.
Your content always takes center stage, whether viewed on a phone,
tablet, laptop, or desktop computer.
# Distraction-free writing
Just write.
Sometimes, you just need to concentrate on putting your thoughts
into words. Try turning on distraction-free writing mode. When you
start typing, all the distractions will fade away, letting you
focus solely on your writing. All your editing tools instantly
return when you need them.
# The Finer Points
## Choose a language
Right now, WordPress 4.1 is already translated into over forty
languages, with more always in progress. You can switch to any
translation on the General Settings screen.
## Log out everywhere
If you've ever worried you forgot to sign out from a shared computer,
you can now go to your profile and log out everywhere.
## Vine embeds
Embedding videos from Vine is as simple as pasting a URL onto its
own line in a post. See the full list of supported embeds.
## Plugin recommendations
The plugin installer suggests plugins for you to try. Recommendations
are based on the plugins you and other users have installed.
# Under the Hood
## Complex Queries
Metadata, date, and term queries now support advanced conditional
logic, like nested clauses and multiple operators â A AND ( B OR
C ).
## Customizer API
The customizer now supports conditionally showing panels and sections
based on the page being previewed.
## <title> tags in themes
add_theme_support('title-tag') tells WordPress to handle the
complexities of document titles.
## Developer Reference
Continued improvements to inline code documentation have made the
developer reference more complete than ever.
Changelog:
WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
Sites that support automatic background updates will be updated to WordPress 4.0.1 within the next few hours. If you are still on WordPress 3.9.2, 3.8.4, or 3.7.4, you will be updated to 3.9.3, 3.8.5, or 3.7.5 to keep everything secure. (We don’t support older versions, so please update to 4.0.1 for the latest and greatest.)
WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Jouko Pynnonen. This issue does not affect version 4.0, but version 4.0.1 does address these eight security issues:
Three cross-site scripting issues that a contributor or author could use to compromise a site. Discovered by Jon Cave, Robert Chapin, and John Blackbourn of the WordPress security team.
A cross-site request forgery that could be used to trick a user into changing their password.
An issue that could lead to a denial of service when passwords are checked. Reported by Javier Nieto Arevalo and Andres Rojas Guerrero.
Additional protections for server-side request forgery attacks when WordPress makes HTTP requests. Reported by Ben Bidner (vortfu).
An extremely unlikely hash collision could allow a user’s account to be compromised, that also required that they haven’t logged in since 2008 (I wish I were kidding). Reported by David Anderson.
WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address. Reported separately by Momen Bassel, Tanoy Bose, and Bojan Slavković of ManageWP.
Version 4.0.1 also fixes 23 bugs with 4.0, and we’ve made two hardening changes, including better validation of EXIF data we are extracting from uploaded photos. Reported by Chris Andrè Dale.
We appreciated the responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.
Download WordPress 4.0.1 or venture over to Dashboard -> Updates and simply click “Update Now”.
* Update MESSAGE to use apache24 and php-fpm.
* Add php-fpm option, and make default option as php-fpm.
Changelog:
What's New
General
Featured image previews now support .bmp files
Featured Image meta box is now hidden for contributors lacking upload capabilities
New supported oEmbed providers: CollegeHumor, Issuu, Mixcloud, YouTube playlists, TED talks
Install WordPress in your language
Streamlined Language management right from the dashboard
Posts
Display embed previews for audio/visual URLs in Visual editor content box.
Page scrolling now scrolls post content box.
Edit Post/Page menu bar sticks to top of content box when scrolling (Visual and Text editor).
Color picker was re-added to the Visual editor
Media
Add Media Grid view option (default) for Media Library
Add "Bulk Select" button to Media Grid view to delete multiple items
Add oEmbed support for TED talks, Mixcloud, CollegeHumor.com, Issuu
Expand oEmbed support to include YouTube playlist URLs and Polldaddy’s short URL format
Remove Viddler oEmbed support
Update SlideShare oEmbed regex
Improved media experience on small screen sizes (embedded videos now responsive)
Native video and audio shortcodes now support Flash playback looping
Comments
Comments in trash can now be marked as spam.
Plugins
Display plugins list as grid, with thumbnails, on Add New screen.
Add popup window with plugin details (displays info from plugin's directory page).
Add "Beta Testing" tab to Plugins screen for new features-as-plugins.
Accessibility
Improved keyboard accessibility in the Add Media panel
Improved screen-reader support for Customizer sections
Makes links in help tabs keyboard accessible
Improvements for screen-readers when managing widgets in the Customizer
Install Process
Add language select menu as first Installation screen (skipped for localized installs)
Multisite
mp4 file extension was added to allowed upload file types
Changelog:
For WordPress 3.8 ja
* Update WP Multibyte Patch to 1.9
For WordPress 3.8
Highlights
Introduces a new, modern admin design
A fresh, uncluttered design
Clean typography with Open Sans
Superior contrast and large, comfortable type
Responsive interfaces throughout
Refined, theme management
Smoother, click-to-add widget management
New Default Theme - Twenty Fourteen
Easily create a responsive magazine website with a sleek, modern design.
Feature your favorite homepage content in either a grid or a slider.
Use the three widget areas to customize your website, and change your content's layout with a full-width page template and a contributor page to show off your authors.
For Developers
External Libraries have been updated.
Better RTL support
What's New
General
Replace PNG-based plugins ratings stars with Dashicons for performance gains
Improved help tab text in various screens
Clicking "Check Again" on the Updates screen now provides more immediate feedback
Dashboard
Consolidate several Dashboard widgets to improve readability
Replace the 'Right Now' widget with the new and improved 'At a Glance' widget
Appearance
Introduce 8 new admin color schemes
Improved readability throughout using Open Sans typeface (where supported)
Responsive Toolbar for smaller-screen devices
Leverage Dashicons instead of icon sprites for crisper experience on all resolutions
Big RTL improvements throughout
Make the dashboard more usable on any size device with responsive all the things
Improve the login screen experience for Internet Explorer 8 users
Improve Quick Edit experience for non-English users
Improve the Menus experience for mobile users
Themes
New Default Theme -- Twenty Fourteen
Make it possible to check for any post format assigned to a post with has_post_format()
Better custom background theme support defaults, can now specify 'default-repeat', 'default-position-x', and 'default-attachment' arguments for background images.
Tags for width changed to layout: responsive-layout, fluid-layout, and fixed-layout
New tag: accessibility-ready to denote a theme is aware of accessibility best practices such as color contrast, keyboard navigation, and form/link focus. See WP theme accessibility guidelines.
Theme screenshots' size have increased from 600x450 to 880x 660.
Widgets
New click-to-add interface for adding widgets to sidebars
Improved interface for devices of all resolutions
Better drag-and-drop experience
Accessibility
Make list table row actions keyboard accessible
Improve color contrast throughout the admin
Multisite
Improved performance when deleting users in Multisite
Under The Hood
General
Heartbeat performance and API improvements
A $taxonomy argument was added to each of the adjacent post functions.
Define $is_nginx in vars.php
Apply capital_P_dangit() to the wp_title filter
Make sure ajaxurl is defined in the Customizer
validate_active_plugins() now checks the manage_network_plugins capability instead of is_super_admin()
Allow passing false for the meta_box_cb argument in register_taxonomy() to turn off the meta box display entirely
Make it easier to target video shortcodes by adding a wp-video class to the parent container
Add CSSMin, SASS, CSSJanus, and jsHint to build tools for core development
Bug Fixes
Fix bug where top-level categories were only redirecting if they had no children
Fix bug in wp_get_object_terms() where returned were strings not integers
Fix a bug where passing a null value to meta_query resulted in wonkiness with the comparison operator
Fix "'wp_signups' already exists for query" error after updating a Multisite network
Fix bug in get_bookmarks() caused by missing parentheses
Fix comment_notification_recipients filter behavior so that it is still respected even on comments left by the post author
Fix a date comparison error in dashboard_relative_date()
Fix keyboard accessibility for row actions in list tables.
Fix no-js and accessibility modes in in the Widgets screen
Fix a bug where menus could still be assigned to a non-existent theme location
Silence jQuery Migrate errors in the General settings page
Multisite
Classes
Introduce WP_Screen::remove_option()
Introduce WP_Screen::remove_options()
Introduce WP_Screen::get_options()
Functions
Introduce wp_dashboard_quick_press()
Introduce wp_dashboard_site_activity()
Introduce wp_dashboard_recent_posts()
Introduce wp_dashboard_recent_comments()
Introduce wp_dashboard_primary_output()
Introduce wp_heartbeat_set_suspension()
Introduce wp_star_rating()
Introduce get_theme_update_available()
Introduce wp_prepare_themes_for_js()
Actions & Filters
Actions
Introduce automatic_updates_complete
Filters
Introduce automatic_updates_debug_email
Introduce wp_prepare_themes_for_js
External Libraries
Add a copyright notice to zxcvbn (password strength meter) script
Deprecated
screen_icon()
get_screen_icon()
wp_dashboard_incoming_links_output()
wp_dashboard_secondary_output()
wp_dashboard_incoming_links()
wp_dashboard_incoming_links_control()
wp_dashboard_plugins()
wp_dashboard_primary_control()
wp_dashboard_recent_comments_control()
wp_dashboard_secondary()
wp_dashboard_secondary_control()
no_update_actions()
Miscellaneous
Many unused images were removed from core. See the full list
WordPress is a state-of-the-art publishing platform with a focus on
aesthetics, web standards, and usability. WordPress is both free and
priceless at the same time.
This package is WordPress of Japanese localized version.
It has Japanese locale file and some extension/modification for
website written in Japansese people, and for website located in Japan.
wiz
taca
joerg
ryoon
agc