WordPress News

Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.

Longer explanation: This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.

We’ve got a new bugfix and security release for both of our actively maintained branches of WordPress. Version 2.1.1 includes about 30 bug fixes, mostly minor things around encoding, XML-RPC, the object cache, and HTML code. It’s available for immediate download on our download page.

Version 2.0.9 only includes the security update, which was around the code we use to prevent XSS. You can download it from our release archive. As a reminder, we’ve committed to proving security updates to 2.0 through 2010, but all new features and development are going into the newer branch, which is at this time 2.1.

This is a low-to-medium priority update recommended for all WordPress users. After the break is a list of changed files.

On behalf of the WordPress.org community of commiters, contributers, and volunteers, I’m very proud to announce the immediate availability of WordPress 2.1 “Ella”, named for jazz vocalist Ella Fitzgerald. Here’s a sampling of what’s in the new version: Autosave makes sure you never lose a post again. Our new tabbed editor allows you to switch […]

Recently a bug in certain versions of PHP came to our attention that could cause a security vulnerability in your blog. We’re able to work around it fairly easily, so we’ve decided to release 2.0.7 to fix the PHP security problem and the Feedburner issue that was in 2.0.6. It is recommended that everyone running […]

It’s a new year, and we have a new major release of WordPress coming soon. (We’re currently aiming for the 22nd.) It’s as good a time as any to examine where we’ve been, and where we are, and where we’re going as a community. 2006 was a pretty exciting year, we saw 1.54 million downloads […]

We have a pretty important release available for everyone, it includes an important security fix and it’s recommended that everyone upgrade. This is the latest release in our stable 2.0 line, which we’ve committed to maintaining for several more years. Here’s what’s new: The aforementioned security fixes. HTML quicktags now work in Safari browsers. Comments […]

At various events throughout 2006, like SxSW and WordCamp we had t-shirts and each time we got a ton of requests for people who weren’t there to be able to buy them. Well, now you can. We have a limited supply of some of our shirts from this year available to order online. You can’t […]

Guest article by Aaron Brazell WordPress 2.1 is almost here and you know what that means for developers. It’s time to pull out those old plugins you’ve had stashed, blow off the dust and start applying some spit and polish and make sure it will last longer than Grandma’s Ham and Bean soup that has […]

It’s new release time. The latest in our venerable 2.0 series, which now counts over 1.2 million downloads, is available for download immediately, and we suggest everyone upgrade as this includes security fixes. We’re breaking the tradition of naming releases after jazz musicians to congratulate Ryan Boren on his new son (and first WP baby) […]

The WordPress family has been really starting to grow lately. I wanted to let you guys know about two big releases: WordPress Multi-user 1.0 and bbPress 0.72. WordPress MU is an official branch of WordPress that is designed for managing and hosting thousands of blogs instead of just one. It’s the software that powers WordPress.com, […]

WordPress 2.0.4, the latest stable release in our Duke series, is available for immediate download. This release contains several important security fixes, so it’s highly recommended for all users. We’ve also rolled in a number of bug fixes (over 50!), so it’s a pretty solid release across the board. Upgrading is fairly simple, just overwrite […]

On August 5th, 2006, we’re planning a WordPress user conference called WordCamp. The idea is to bring WordPress users and developers so we can meet each other face to face, share stories, and try to figure out the future of our little corner of the online publishing revolution. The conference will be a 1-day event, […]