WordPress 5.1 Beta 1

WordPress 5.1 Beta 1 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version.

There are two ways to test the WordPress 5.1 beta: try the WordPress Beta Tester plugin (you’ll want to select the “bleeding edge nightlies” option), or you can download the beta here (zip).

WordPress 5.1 is slated for release on February 21, and we need your help to get there. Here are some of the big items to test so we can find as many bugs as possible in the coming weeks.

Site Health Check

Site Health Check is an ongoing project aimed at improving the stability and performance of the entire WordPress ecosystem. The first phase of this project is included in WordPress 5.1. For the first time, WordPress will catch and pause the problem code, so you can log in to your Dashboard and see what the problem is (#44458). Before, you’d have to FTP in to your files or get in touch with your host.

Additionally, in April 2019, WordPress’ will increase its minimum supported PHP version to 5.6. To help you check if you’re prepared for this change, WordPress 5.1 will show you a warning and help you upgrade your version of PHP, if necessary.

For Developers

  • The Cron system can now be more easily replaced with a custom cron handler (#32656).
  • When starting cron under PHP-FPM, the connection will return a response immediately, even for long running cron jobs (dev note).
  • WP_DEBUG_LOG can be set to a custom log location (#18391).
  • Introduced the wp_blogmeta table (#37923).
  • Added LIKE support to meta_key comparisons in WP_Meta_Query (#42409).

There have been over 360 tickets closed in WordPress 5.1, with numerous small bug fixes and improvements to help smooth your WordPress experience.

Keep your eyes on the Make WordPress Core blog for more developer notes (which are assigned the dev-notes tag) in the coming weeks detailing other changes in 5.1 that you should be aware of.

How to Help

Do you speak a language other than English? Help us translate WordPress into more than 100 languages!

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.


Miss my haiku?
I will have plenty for you
in the coming weeks.

WordPress 5.0.2 Maintenance Release

WordPress 5.0.2 is now available!

5.0.2 is a maintenance release that addresses 73 bugs. The primary focus of this release was performance improvements in the block editor: the cumulated performance gains make it 330% faster for a post with 200 blocks.

Here are a few of the additional highlights:

For a full list of changes, please consult the list of tickets on Trac or the changelog.

You can download WordPress 5.0.2 or visit Dashboard → Updates and click Update Now. Sites that support automatic background updates have already started to update automatically.

Thank you to everyone who contributed to WordPress 5.0.2:

Alexander Babaev, Alex Kirk, allancole, Andrea Fercia, Andrew Ozz, Anton Timmermans, David Binovec, David Trower, Dominik Schilling, Eduardo Pittol, Gary Pendergast, Greg Raven, gziolo, herregroen, iCaleb, Jb Audras, Joen Asmussen, John Blackbourn, Jonathan Desrosiers, khleomix, kjellr, laurelfulford, Jeff Paul, mihaivalentin, Milan Dinić, Muntasir Mahmud, Pascal Birchler, Pratik K. Yadav, Riad Benguella, Rich Tabor, strategio, Subrata Sarkar, tmatsuur, TorontoDigits, Ulrich, Vaishali Panchal, volodymyrkolesnykov, Weston Ruter, Yui, ze3kr, and のむらけい.

WordPress 5.0 RC3

The third release candidate for WordPress 5.0 is now available!

WordPress 5.0 will be released on December 6, 2018. This is a big release and needs your help—if you haven’t tried 5.0 yet, now is the time!

To test WordPress 5.0, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip).

For details about what to expect in WordPress 5.0, please see the first release candidate post.

This release candidate includes a fix for some scripts not loading on subdirectory installs (#45469), and user locale settings not being loaded in the block editor (#45465). Twenty Nineteen has also had a couple of minor tweaks.

Plugin and Theme Developers

Please test your plugins and themes against WordPress 5.0 and update the Tested up to version in the readme to 5.0. If you find compatibility problems, please be sure to post to the support forums so we can figure those out before the final release. An in-depth field guide to developer-focused changes is coming soon on the core development blog. In the meantime, you can review the developer notes for 5.0.

How to Help

Do you speak a language other than English? Help us translate WordPress into more than 100 languages! 

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.


WordPress Five Point Oh
Is just a few days away!
Nearly party time!
🎉

WordPress 5.0 RC2

The second release candidate for WordPress 5.0 is now available!

This is an important milestone, as we near the release of WordPress 5.0. A final release date will be announced soon, based on feedback from this release candidate. Things are appearing very stable and we hope to announce a date soon. This is a big release and needs your help—if you haven’t tried 5.0 yet, now is the time! 

To test WordPress 5.0, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip).

For details about what to expect in WordPress 5.0, please see the previous release candidate post.

Significant changes

  • We stopped rendering AdminNotices compatibility component, as this previous attempt at backward compatibility was bringing in numerous incompatible banners and notices from plugins.
  • An update to the parser to better deal with malformed HTML that could cause a loop. We’re only aware of this in the wild being triggered once in the over a million posts made with Gutenberg, but it caused a loop so we wanted to fix for RC2.

Cosmetic and minor changes in RC2

  • Accessibility: Simplify sidebar tabs aria-labels.
  • Make the Image Link URL field readonly.
  • Internationalization: Merge similar text strings that differed only in capitalization.
  • CSS: Improve block preview styling.
  • CSS: Fix visual issues with Button block text wrap.
  • Fix getSelectedBlockClientId selector.
  • Fix Classic block not showing galleries on a grid.
  • Fix an issue where the block toolbar would cause an image to jump downwards when the wide or full alignments were activated.
  • Move editor specific styles from style.scss to editor.scss in Cover block.
  • Fix modals in Microsoft Edge browser.
  • Fix Microsoft IE11 focus loss after TinyMCE init. Add IE check.
  • Fix Microsoft IE11 input when mounting TinyMCE.
  • Change @package names to WordPress.

How to Help

Do you speak a language other than English? Help us translate WordPress into more than 100 languages! 

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.


RC bittersweet.
We welcome in Gutenberg,
Vale Gutenbeard.

WordPress 4.2.3 Security and Maintenance Release

WordPress 4.2.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team.

We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from Check Point Software Technologies.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.2.3 also contains fixes for 20 bugs from 4.2. For more information, see the release notes or consult the list of changes.

Download WordPress 4.2.3 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.3.

Thanks to everyone who contributed to 4.2.3:

Aaron Jorbin, Andrew Nacin, Andrew Ozz, Boone Gorges, Chris Christoff, Dion Hulse, Dominik Schilling, Ella Iseulde Van Dorpe, Gabriel Pérez, Gary Pendergast, Mike Adams, Robert Chapin, Nikolay Bachiyski, Ross Wintle, and Scott Taylor.

WordPress 4.2.1 Security Release

WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen.

WordPress 4.2.1 has begun to roll out as an automatic background update, for sites that support those.

For more information, see the release notes or consult the list of changes.

Download WordPress 4.2.1 or venture over to Dashboard → Updates and simply click “Update Now”.

WordPress 4.1.2 Security Release

WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Cedric Van Bockhaven and fixed by Gary Pendergast, Mike Adams, and Andrew Nacin of the WordPress security team.

We also fixed three other security issues:

  • In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded. Discovered by Michael Kapfer and Sebastian Kraemer of HSASec.
  • In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack. Discovered by Jakub Zoczek.
  • Some plugins were vulnerable to an SQL injection vulnerability. Discovered by Ben Bidner of the WordPress security team.

We also made four hardening changes, discovered by J.D. Grimes, Divyesh Prajapati, Allan Collins and Marc-Alexandre Montpas.

We appreciated the responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.

Download WordPress 4.1.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.1.2.

Thanks to everyone who contributed to 4.1.2: Allan Collins, Alex Concha, Andrew Nacin, Andrew Ozz, Ben Bidner, Boone Gorges, Dion Hulse, Dominik Schilling, Drew Jaynes, Gary Pendergast, Helen Hou-Sandí, John Blackburn and Mike Adams.

A number of plugins also released security fixes yesterday. Keep everything updated to stay secure. If you’re a plugin author, please read this post to confirm that your plugin is not affected by the same issue. Thank you to all of the plugin authors who worked closely with our security team to ensure a coordinated response.

Already testing WordPress 4.2? The third release candidate is now available (zip) and it contains these fixes. For more on 4.2, see the RC 1 announcement post.