Changelog
Plugins: fix regression in search input field size. Fix a formatting
Default themes: Improve styles for 4.8 widgets Mostly adds styles for
About: Further polish for feature descriptions. Also adds Under The Hood
Emoji: Add Emoji 5 support. Updates Twemoji to 2.3.0 to include Emoji 5
Widgets: Ensure that audio and video files appear in media library browser
Widgets: Supply missing descriptions for instance schema fields in media
TinyMCE: update to 4.6.2. Changelog.
Widgets: Prevent multiple items from being selectable when first
Themes: Skip tests if ReflectionMethod::setAccessible is unavailable See
Themes: More unit tests for Custom Header Custom Header functionality is
Themes: improve browser history support on new themes page. When closing
Administration: Fix some HTML validation errors. Fixes some minor HTML
Administration: Update the docs for wp_check_browser_version(). Correct
Widgets: Further refine WP JS coding style in media widgets code. Props
http://wordpress.org/
Changelog
Drafting (#39896) and scheduling (#28721) of changes in the Customizer. Once you save or schedule a changeset, when any user comes into the Customizer the pending changes will be autoloaded. A button is provided to discard changes to restore the Customizer to the last published state. (This is a new “linear” mode for changesets, as opposed to “branching” mode which can be enabled by filter so that every time user opens the Customizer a new blank changeset will be started.)
Addition of a frontend preview link to the Customizer to allow changes to be browsed on the frontend, even without a user being logged in (#39896).
Addition of autosave revisions in the Customizer (#39275).
A brand new theme browsing experience in the Customizer (#37661).
Gallery widget (#41914), following the media and image widgets introduced in 4.8.
Support for shortcodes in Text widgets (#10457).
Support for adding media to Text widgets (#40854).
Support for adding oEmbeds outside post content, including Text widgets (#34115).
Support for videos from providers other than YouTube and Vimeo in the Video widget (#42039)
Improve the flow for creating new menus in the Customizer (#40104).
Educated guess mapping of nav menus and widgets when switching themes (#39692).
Plugins: Introduce singular capabilities for activating and deactivating individual plugins (#38652).
Sandbox PHP file edits in both plugins and themes, without auto-deactivation when an error occurs; a PHP edit that introduces a fatal error is rolled back with an opportunity then for the user to fix the error and attempt to re-save. (#21622).
Addition of dirty state for widgets on the admin screen, indicating when a widget has been successfully saved and showing an “Are you sure?” dialog when attempting to leave without saving changes. (#23120, #41610)
As always, there have been exciting changes for developers to explore as well, such as:
CodeMirror editor added to theme/plugin editor, Custom CSS in Customizer, and Custom HTML widgets. Integration includes support for linters to catch errors before you attempt to save. Includes new APIs for plugins to instantiate editors. (#12423)
Introduction of an extensible code editor control for adding instances of CodeMirror to the Customizer. (#41897)
Addition of global notifications area (#35210), panel and section notifications (#38794), and a notification overlay that takes over the entire screen in the Customizer (#37727).
A date/time control in the Customizer (#42022).
Improve usability of Customize JS API (#42083, #37964, #36167).
Introduction of control templates for base controls (#30738).
Use WP_Term_Query when transforming tax queries (#37038).
Database: Add support for MySQL servers connecting to IPv6 hosts (#41722).
Emoji: Bring Twemoji compatibility to PHP (#35293). Test for any weirdness with emoji in RSS feeds or emails.
I18N: Introduce the Plural_Forms class (#41562).
Media: Upgrade MediaElement.js to 4.2.5-74e01a40 fixing missing mejs.MediaElement reference (#39686).
Media: Use max-width for default captions (#33981). We will want to make sure this doesn’t cause unexpected visual regressions in existing themes, default themes were all fine in testing.
Media: Reduce duplicated custom header crops in the Customizer (#21819).
Media: Store video creation date in meta (#35218). Please help test different kinds of videos.
Multisite: Introduce get_site_by() (#40180).
Multisite: Improve get_blog_details() by using get_site_by() (#40228).
Multisite: Improve initializing available roles when switch sites (#38645).
Multisite: Initialize a user’s roles correctly when setting them up for a different site (#36961).
REST API: Support registering complex data structures for settings and meta
REST API: Support for objects in schema validation and sanitization (#38583)
Role/Capability: Introduce capabilities dedicated to installing and updating language files (#39677).
Remove SWFUpload (#41752).
Users: Require a confirmation link in an email to be clicked when a user attempts to change their email address (#16470).
Core and the unit test suite is fully compatible with the upcoming release of PHP 7.2
http://wordpress.org/
Changelog
A few specific areas to test in RC3:
Switching between the Visual and Text tabs of the editor, and the syncing of the cursor between those two tabs.
Overriding linting errors in the Customizer’s Additional CSS editor.
Adding nav menu items for Custom Links in the Customizer.
Scheduling customization drafts (stubbed posts/pages) for publishing in the Customizer.
Autosave revisions for changes in the Customizer.
About page styling.
http://wordpress.org/
Changelog
An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress. MediaElement has released a new version that contains a fix for the bug, and a WordPress plugin containing the fixed files is available in the plugin repository.
21 other bugs were fixed in WordPress 4.9.2. Particularly of note were:
JavaScript errors that prevented saving posts in Firefox have been fixed.
The previous taxonomy-agnostic behavior of get_category_link() and category_description() was restored.
Switching themes will now attempt to restore previous widget assignments, even when there are no sidebars to map.
http://wordpress.org/
Release Notes
This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.
WordPress versions 4.9.4 and earlier are affected by three security issues. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented in 4.9.5:
Don't treat localhost as same host by default.
Use safe redirects when redirecting the login page if SSL is forced.
Make sure the version string is correctly escaped for use in generator tags.
Thank you to the reporters of these issues for practicing coordinated security disclosure: xknown of the WordPress Security Team, Nitin Venkatesh (nitstorm), and Garth Mortensen of the WordPress Security Team.
Twenty-five other bugs were fixed in WordPress 4.9.5. Particularly of note were:
The previous styles on caption shortcodes have been restored.
Cropping on touch screen devices is now supported.
A variety of strings such as error messages have been updated for better clarity.
The position of an attachment placeholder during uploads has been fixed.
Custom nonce functionality in the REST API JavaScript client has been made consistent throughout the code base.
Improved compatibility with PHP 7.2.
http://wordpress.org/
Changelog
We’ve made some big upgrades to the editor. Our new block-based editor is the first step toward an exciting new future with a streamlined editing experience across your site. You’ll have more flexibility with how content is displayed, whether you are building your first site, revamping your blog, or write code for a living.
Building with Blocks:
The new block-based editor won’t change the way any of your content looks to your visitors. What it will do is let you insert any type of multimedia in a snap and rearrange to your heart’s content. Each piece of content will be in its own block; a distinct wrapper for easy maneuvering. If you’re more of an HTML and CSS sort of person, then the blocks won’t stand in your way. WordPress is here to simplify the process, not the outcome.
We have tons of blocks available by default, and more get added by the community every day. Here are a few of the blocks to help you get started:
Paragraph
Heading
Preformatted
Quote
Image
Gallery
Cover
Video
Audio
Columns
File
Code
List
Button
Embeds
More
Freedom to Build, Freedom to Write:
This new editing experience provides a more consistent treatment of design as well as content. If you’re building client sites, you can create reusable blocks. This lets your clients add new content anytime, while still maintaining a consistent look and feel.
A Stunning New Default Theme:
Introducing Twenty Nineteen, a new default theme that shows off the power of the new editor.
Designed for the block editor:
Twenty Nineteen features custom styles for the blocks available by default in 5.0. It makes extensive use of editor styles throughout the theme. That way, what you create in your content editor is what you see on the front of your site.
Simple, type-driven layout:
Featuring ample whitespace, and modern sans-serif headlines paired with classic serif body text, Twenty Nineteen is built to be beautiful on the go. It uses system fonts to increase loading speed. No more long waits on slow networks!
Versatile design for all sites:
Twenty Nineteen is designed to work for a wide variety of use cases. Whether you’re running a photo blog, launching a new business, or supporting a non-profit, Twenty Nineteen is flexible enough to fit your needs.
http://wordpress.org/
Changelog
WordPress 5.0.1 is now available. This is a security release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.
Plugin authors are encouraged to read the 5.0.1 developer notes for information on backwards-compatibility.
WordPress versions 5.0 and earlier are affected by the following bugs, which are fixed in version 5.0.1. Updated versions of WordPress 4.9 and older releases are also available, for users who have not yet updated to 5.0.
http://wordpress.org/
Changelog
5.0.2 is a maintenance release that addresses 73 bugs. The primary focus of this release was performance improvements in the block editor: the cumulated performance gains make it 330% faster for a post with 200 blocks.
Here are a few of the additional highlights:
45 total Block Editor improvements are included (14 performance enhancements & 31 bug fixes).
17 Block Editor related bugs have been fixed across all of the bundled themes.
Some internationalization (i18n) issues related to script loading have also been fixed.
http://wordpress.org/
Changelog
5.0.3 is a maintenance release that includes 37 bug fixes and 7 performance updates. The focus of this release was fine-tuning the new block editor, and fixing any major bugs or regressions.
Here are a few of the highlights:
15 block editor related bug fixes and improvements have been added to bundled themes. Make sure to update these for an improved block editing experience.
2 block editor related internationalization (I18N) bugs have been fixed
Users with JavaScript disabled now see a notice when attempting to use the block editor.
A few PHP errors in the Customizer have been fixed.
Some issues uploading common file types, like CSVs, have been fixed.
http://wordpress.org/
Release Notes
This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version.
There are two ways to test the WordPress 5.1 beta: try the WordPress Beta Tester plugin (you’ll want to select the “bleeding edge nightlies” option), or you can download the beta here (zip).
WordPress 5.1 is slated for release on February 21, and we need your help to get there!
Over 110 tickets have been closed since beta 1, many of which are documentation and testing suite improvements. Here are the major changes and bug fixes:
Several refinements and bug fixes related to the Site Health project have been made.
The pre_render_block and render_block_data filters have been introduced allowing plugins to override block attribute values (#45451, dev note coming soon).
get_template_part() will now return a value indicating whether a template file was found and loaded (#40969).
A notice will now be triggered when developers incorrectly register REST API endpoints (related dev note).
Bulk editing posts will no longer unintentionally change a post’s post format (#44914)
Twemoji has been updated to the latest version, 11.2.0 (#45133).
A bug preventing the Custom Fields meta box from being enabled has been fixed (#46028).
The treatment of orderby values for post__in, post_parent__in, and post_name__in has been standardized (#38034).
When updating language packs, old language packs are now correctly deleted to avoid filling up disk space (#45468).
Developer Notes
WordPress 5.1 has many changes aimed at polishing the developer experience. To keep you informed, we publish developers notes on the Make WordPress Core blog throughout the release cycle. Subscribe to the Make WordPress Core blog for updates over the coming weeks, detailing other changes in 5.1 that you should be aware of.
https://wordpress.org/
Release Notes
WordPress 5.1 Beta 3 is now available!
This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version.
There are two ways to test the WordPress 5.1 beta: try the WordPress Beta Testerplugin (you’ll want to select the “bleeding edge nightlies” option), or you can download the beta here (zip).
WordPress 5.1 is slated for release on February 21, and we need your help to get there!
Site Health Check
One of the features originally slated for WordPress 5.1—the PHP error protection handler—will target WordPress 5.2 instead. Some potential security issues were discovered in the implementation: rather than risk releasing insecure code, the team decided to pull it out of WordPress 5.1. The work in #46130 is showing good progress towards addressing the security concerns, if you’d like to follow development progress on this feature.
Additional Changes
A handful of smaller bugs have also been fixed in this release, including:
TinyMCE has been upgraded to version 4.9.2 (#46094).
The block editor has had a couple of bugs fixed (#46137).
A few differences in behaviour between the classic block and the classic editor have been fixed (#46062, #46071, #46085).
When adding rel attributes to links, ensure the value isn’t empty (#45352), and that it works as expected with customizer changesets (#45292).
Developer Notes
WordPress 5.1 has many changes aimed at polishing the developer experience. To keep you informed, we publish developers’ notes on the Make WordPress Core blog throughout the release cycle. Subscribe to the Make WordPress Core blog for updates over the coming weeks, detailing other changes in 5.1 that you should be aware of.
https://wordpress.org/
Release Notes
The second release candidate for WordPress 5.1 is now available!
WordPress 5.1 will be released on Thursday, February 21, but we need your help to get there—if you haven’t tried 5.1 yet, now is the time!
There are two ways to test the WordPress 5.1 release candidate: try the WordPress Beta Tester plugin (you’ll want to select the “bleeding edge nightlies” option), or you can download the release candidate here (zip).
For details about what to expect in WordPress 5.1, please see the first release candidate post.
This release includes the final About page design. It also contains fixes for:
New WordPress installs not setting the database table prefix correctly (#46220).
A HTTP error occurring when opening browser developer tools (#46218).
The legacy media dialog having incorrect pagination link styling (#41858).
The comment form not appearing when clicking “Reply” on comments loaded via Ajax (#46260).
https://wordpress.org/
Changelog
WordPress 5.1.1 is now available! This security and maintenance release introduces 10 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2.
This release also includes a pair of security fixes that handle how comments are filtered and then stored in the database. With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting.
WordPress versions 5.1 and earlier are affected by these bugs, which are fixed in version 5.1.1. Updated versions of WordPress 5.0 and earlier are also available for any users who have not yet updated to 5.1.
Props to Simon Scannell of RIPS Technologies who discovered this flaw independent of some work that was being done by members of the core security team. Thank you to all of the reporters for privately disclosing the vulnerabilities, which gave us time to fix them before WordPress sites could be attacked.
Other highlights of this release include:
Hosts can now offer a button for their users to update PHP.
The recommended PHP version used by the “Update PHP” notice can now be filtered.
Several minor bug fixes.
https://wordpress.org/
Changelog
This security and maintenance release features 29 fixes and enhancements. Plus, it adds a number of security fixes—see the list below.
These bugs affect WordPress versions 5.2.2 and earlier; version 5.2.3 fixes them, so you’ll want to upgrade.
If you haven’t yet updated to 5.2, there are also updated versions of 5.0 and earlier that fix the bugs for you.
Security Updates
Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting (XSS) vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments.
Props to Tim Coen for disclosing an issue where validation and sanitization of a URL could lead to an open redirect.
Props to Anshul Jain for disclosing reflected cross-site scripting during media uploads.
Props to Zhouyuan Yang of Fortinet’s FortiGuard Labs who disclosed a vulnerability for cross-site scripting (XSS) in shortcode previews.
Props to Ian Dunn of the Core Security Team for finding and disclosing a case where reflected cross-site scripting could be found in the dashboard.
Props to Soroush Dalili (@irsdl) from NCC Group for disclosing an issue with URL sanitization that can lead to cross-site scripting (XSS) attacks.
In addition to the above changes, we are also updating jQuery on older versions of WordPress. This change was added in 5.2.1 and is now being brought to older versions.
http://wordpress.org/
Changelog
Security Updates:
Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer.
Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.
Props to Weston Ruter for finding a way to create a stored XSS to inject Javascript into style tags.
Props to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header.
Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated.
Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin.
https://wordpress.org/
Changelog
Block Editor Improvements:
This enhancement-focused update introduces over 150 new features and usability improvements, including improved large image support for uploading non-optimized, high-resolution pictures taken from your smartphone or other high-quality cameras. Combined with larger default image sizes, pictures always look their best.
Accessibility improvements include the integration of block editor styles in the admin interface. These improved styles fix many accessibility issues: color contrast on form fields and buttons, consistency between editor and admin interfaces, new snackbar notices, standardizing to the default WordPress color scheme, and the introduction of Motion to make interacting with your blocks feel swift and natural.
For people who use a keyboard to navigate the dashboard, the block editor now has a Navigation mode. This lets you jump from block to block without tabbing through every part of the block controls.
Expanded Design Flexibility:
WordPress 5.3 adds even more robust tools for creating amazing designs.
The new Group block lets you easily divide your page into colorful sections.
The Columns block now supports fixed column widths.
The new predefined layouts make it a cinch to arrange content into advanced designs.
Heading blocks now offer controls for text and background color.
Additional style options allow you to set your preferred style for any block that supports this feature.
Introducing Twenty Twenty:
As the block editor celebrates its first birthday, we are proud that Twenty Twenty is designed with flexibility at its core. Show off your services or products with a combination of columns, groups, and media blocks. Set your content to wide or full alignment for dynamic and engaging layouts. Or let your thoughts be the star with a centered content column!
As befits a theme called Twenty Twenty, clarity and readability is also a big focus. The theme includes the typeface Inter, designed by Rasmus Andersson. Inter comes in a Variable Font version, a first for default themes, which keeps load times short by containing all weights and styles of Inter in just two font files.
Improvements for Everyone:
Automatic Image Rotation:
Your images will be correctly rotated upon upload according to the embedded orientation data. This feature was first proposed nine years ago and made possible through the perseverance of many dedicated contributors.
Improved Site Health Checks:
The improvements introduced in 5.3 make it even easier to identify issues. Expanded recommendations highlight areas that may need troubleshooting on your site from the Health Check screen.
Admin Email Verification:
You’ll now be periodically asked to confirm that your admin email address is up to date when you log in as an administrator. This reduces the chance of getting locked out of your site if you change your email address.
http://wordpress.org/
Changelog
RC2 addresses improvements to the new About page and 5 fixes for the following bugs and regressions
49611 – Block Editor: Update WordPress Packages WordPress 5.4 RC 2
49318 – Bundled Themes: Twenty Twenty content font CSS selector is too important
49585 – REST API: Fix typo in disable-custom-gradients theme feature description
49568 – Block Editor: Fix visual regression in editor’s color picker
49549 – Bundled Themes: Calendar widget CSS fixes on various Bundled themes
http://wordpress.org/
Changelog
Notable updates for this release include:
WordPress database error when installing PHPUnit tests (#58673)
Use _get_block_template_file function and set $area variable (#52708)
Indicate when a theme supports the Site editor in the Themes REST API response (#58123)
bulk_edit_posts() function needs an action hook (#28112)
Allow editing existing footnote from formats toolbar (#52506)
Patterns: Add client side pagination to patterns list (#52538)
Trim footnote anchors from excerpts (#52518)
https://wordpress.org/
Changelog
The following core tickets from Trac are fixed:
Fatal error on single-site get_users() under certain circumstances
Editor: Incorrect error handling when converting classic to block menus
Revert the last instance of str_starts_with() in update-core.php
Update npm packages with critical bugfixes for 6.3.1
The following block editor issues from GitHub are fixed:
Multiple block select cut and paste failing
Fix crash by moving editor style logic into a hook with useMemo
Footnotes: Fix recursion into updating attributes when attributes is not an object
Footnotes: autosave is not slashing JSON
Footnotes: fix accidental override
Footnotes: checking type before using count()
https://wordpress.org/
Changelog
The following core tickets from Trac are fixed:
Block Hooks: Incorrect context passed when setting ignored hooked blocks metadata
Patterns menu item, put back the context parameter.
wp_localize_script() on login_enqueue_scripts hook change in behavior
Some PHPUnit Tests are failing (test changes only)
Autoprefixer warning in `src/wp-admin/css/media.css` when running `precommit:css` Grunt task
Fatal error when passing non-strings to `WP_Translation_Controller::load_file()`
Classic Theme with theme.json attempts to load templates
Layout: Output of base layout rules conflicts with wide alignment of blocks in classic themes
Fix get_item_features() in class-avif-info.php
6.5 adds the “is-layout-constrained” class to the wrong place for classic themes
Plugin management: AJAX plugin activation consequences
The following block editor issues from GitHub are fixed:
#60489 – Layout: Skip outputting base layout rules that reference content or wide sizes if no layout sizes exist
#60620 – Fix inserter pattern pagination focus loss
#60608 – Fix static posts page setting resolved template
#60641 – Font Library: Fix modal scrollbar
#60661 – Interactivity API: Allow multiple event handlers for the same type with data-wp-on.
#60668 – Layout: Always add semantic classes
#60845 – List View: Fix stuck dragging mode in UI in Firefox when dealing with deeply nested lists
#60764 – Don’t output base flow and constrained layout rules on themes without theme.json
https://wordpress.org/