We’re starting a new regular feature on this blog today. We’d like to keep everyone up-to-date about the happenings all across the WordPress open source project and highlight how you can get involved, so we’ll be posting a roundup of all the major WordPress news at the end of every month.
Aside from other general news, the three big events in June were the release of WordPress 4.8, WordCamp Europe 2017, and the WordPress Community Summit. Read on to hear more about these as well as other interesting stories from around the WordPress world.WordPress 4.8
On June 8, a week before the Community Summit and WordCamp Europe, WordPress 4.8 was released.You can read the Field Guide for a comprehensive overview of all the features of this release (the News and Events widget in the dashboard is one of the major highlights).
Most people would either have their version auto-updated, or their hosts would have updated it for them. For the rest, the updates have gone smoothly with no major issues reported so far.
This WordPress release saw contributions from 346 individuals; you can find their names in the announcement post. To get involved in building WordPress core, jump into the #core channel in the Making WordPress Slack group, and follow the Core team blog.WordCamp Europe 2017
WordCamp Europe 2017 was held in Paris between June 15-17. The event began with a Contributor Day, followed by two days of talks and community goodness. The talks were live-streamed, but you can still catch all the recordings on WordPress.tv. The organisers also published a handy wrap-up of the event.
WordCamp Europe exists to bring together the WordPress community from all over the continent, as well as to inspire local communities everywhere to get their own events going — to that end, the event was a great success, as a host of new meetup groups have popped up in the weeks following WordCamp Europe.
The work that Contributor Day participants accomplished was both varied and valuable, covering all aspects of the WordPress project — have a look through the Make blogs for updates from each team.
Finally, we also learned during the event that WordCamp Europe 2018 will be held in Belgrade, Serbia, continuing the tradition of exploring locations and communities across the continent.WordPress Community Summit
The fourth WordPress Community Summit took place during the two days leading up to WordCamp Europe 2017. This event is an invite-only unconference where people from all over the WordPress community come together to discuss some of the more difficult issues in the community, as well as to make plans for the year ahead in each of the contribution teams.
As the Summit is designed to be a safe space for all attendees, the notes from each discussion are in the process of being anonymized before we publish them on the Summit blog (so stay tuned – they’ll show up there over the next few weeks).
You can already see the final list of topics that were proposed for the event here (although a few more were added during the course of the two day Summit).WordPress marketing push continues apace
As part of the push to be more intentional in marketing WordPress (as per Matt Mullenweg’s 2016 State of the Word), the Marketing team has launched two significant drives to obtain more information about who uses WordPress and how that information can shape their outreach and messaging efforts.
The team is looking for WordPress case studies and is asking users, agencies, and freelancers to take a WordPress usage survey. This will go a long way towards establishing a marketing base for WordPress as a platform and as a community — and many people in the community are looking forward to seeing this area develop further.
To get involved in the WordPress Marketing team, you can visit their team blog.New Gutenberg editor available for testing
For some time now, the Core team has been hard at work on a brand-new text editor for WordPress — this project has been dubbed “Gutenberg.” The project’s ultimate goal is to replace the existing TinyMCE editor, but for now it is in beta and available for public testing — you can download it here as a plugin and install it on any WordPress site.
This feature is still in beta, so we don’t recommend using it on a production site. If you test it out, though, you’ll find that it is a wholly different experience to what you are used to in WordPress. It’s a more streamlined, altogether cleaner approach to the text-editing experience than we’ve had before, and something that many people are understandably excited about. Matt Mullenweg discussed the purpose of Gutenberg in more detail during his Q&A at WordCamp Europe.
There are already a few reviews out from Brian Jackson at Kinsta, Aaron Jorbin, and Matt Cromwell (among many others). Keep in mind that the project is in constant evolution at this stage; when it eventually lands in WordPress core (probably in v5.0), it could look very different from its current iteration — that’s what makes this beta stage and user testing so important.
To get involved with shaping the future of Gutenberg, please test it out, and join the #core-editor channel in the Making WordPress Slack group. You can also visit the project’s GitHub repository to report issues and contribute to the codebase.Further reading:
- Bridget Willard has proposed an editorial calendar to assist WordCamp organizers with publishing content for their event.
- A new kind of niche WordCamp, WordCamp for Publishers in Denver, has opened ticket sales.
- The WordPress iOS app was updated with a fresh, new media library this month.
- It looks like Underscores, the popular WordPress starter theme, has a bright future ahead of it, with a renewed vision and new committer.
- The always-inspiring Tom McFarlin has released a simple autoloader for WordPress that looks very useful indeed.
- After a bit of a discussion on Twitter regarding the differences between WordPress.org, WordPress.com, and Jetpack, Helen Hou-Sandí came up with a great analogy and an interesting post about it all.
If you have a story we should consider including in the next “Month in WordPress” post, please submit it here.
Version 4.8 of WordPress, named “Evans” in honor of jazz pianist and composer William John “Bill” Evans, is available for download or update in your WordPress dashboard. New features in 4.8 add more ways for you to express yourself and represent your brand.
Though some updates seem minor, they’ve been built by hundreds of contributors with you in mind. Get ready for new features you’ll welcome like an old friend: link improvements, three new media widgets covering images, audio, and video, an updated text widget that supports visual editing, and an upgraded news section in your dashboard which brings in nearby and upcoming WordPress events.Exciting Widget Updates Image Widget
Adding an image to a widget is now a simple task that is achievable for any WordPress user without needing to know code. Simply insert your image right within the widget settings. Try adding something like a headshot or a photo of your latest weekend adventure — and see it appear automatically.Video Widget
A welcome video is a great way to humanize the branding of your website. You can now add any video from the Media Library to a sidebar on your site with the new Video widget. Use this to showcase a welcome video to introduce visitors to your site or promote your latest and greatest content.Audio Widget
Are you a podcaster, musician, or avid blogger? Adding a widget with your audio file has never been easier. Upload your audio file to the Media Library, go to the widget settings, select your file, and you’re ready for listeners. This would be a easy way to add a more personal welcome message, too!Rich Text Widget
This feature deserves a parade down the center of town! Rich-text editing capabilities are now native for Text widgets. Add a widget anywhere and format away. Create lists, add emphasis, and quickly and easily insert links. Have fun with your newfound formatting powers, and watch what you can accomplish in a short amount of time.Link Boundaries
Have you ever tried updating a link, or the text around a link, and found you can’t seem to edit it correctly? When you edit the text after the link, your new text also ends up linked. Or you edit the text in the link, but your text ends up outside of it. This can be frustrating! With link boundaries, a great new feature, the process is streamlined and your links will work well. You’ll be happier. We promise.Nearby WordPress Events
Did you know that WordPress has a thriving offline community with groups meeting regularly in more than 400 cities around the world? WordPress now draws your attention to the events that help you continue improving your WordPress skills, meet friends, and, of course, publish!
This is quickly becoming one of our favorite features. While you are in the dashboard (because you’re running updates and writing posts, right?) all upcoming WordCamps and official WordPress Meetups — local to you — will be displayed.
Being part of the community can help you improve your WordPress skills and network with people you wouldn’t otherwise meet. Now you can easily find your local events just by logging in to your dashboard and looking at the new Events and News dashboard widget.Even More Developer Happiness
The second release candidate for WordPress 4.8 is now available.
The release candidate for WordPress 4.8 is now available.
RC means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.8 on Thursday, June 8, but we need your help to get there. If you haven’t tested 4.8 yet, now is the time!
Developers, please test your plugins and themes against WordPress 4.8 and update your plugin’s Tested up to version in the readme to 4.8. If you find compatibility problems please be sure to post to the support forums so we can figure those out before the final release – we work hard to avoid breaking things. An in-depth field guide to developer-focused changes is coming soon on the core development blog.
Do you speak a language other than English? Help us translate WordPress into more than 100 languages!
This release’s haiku is courtesy of @matveb:
Cien veces y más
Erre ce dos
Thanks for your continued help testing out the latest versions of WordPress.
WordPress 4.8 Beta 2 is now available!
This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.8, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).
Do you speak a language other than English? Help us translate WordPress into more than 100 languages!
If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.
WordPress four point eight
One step closer to release
Please test Beta 2!
WordPress 4.7.5 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.7.4 and earlier are affected by six security issues:
- Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing.
- Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas.
- Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team.
- A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster.
- A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing.
- A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team.
Thank you to the reporters of these issues for practicing responsible disclosure.
Download WordPress 4.7.5 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.5.
Thanks to everyone who contributed to 4.7.5.
WordPress has grown a lot over the last thirteen years – it now powers more than 28% of the top ten million sites on the web. During this growth, each team has worked hard to continually improve their tools and processes. Today, the WordPress Security Team is happy to announce that WordPress is now officially on HackerOne!
HackerOne is a platform for security researchers to securely and responsibly report vulnerabilities to our team. It provides tools that improve the quality and consistency of communication with reporters, and will reduce the time spent on responding to commonly reported issues. This frees our team to spend more time working on improving the security of WordPress.
The security team has been working on this project for quite some time. Nikolay Bachiyski started the team working on it just over a year ago. We ran it as a private program while we worked out our procedures and processes, and are excited to finally make it public.
With the announcement of the WordPress HackerOne program we are also introducing bug bounties. Bug bounties let us reward reporters for disclosing issues to us and helping us secure our products and infrastructure. We’ve already awarded more than $3,700 in bounties to seven different reporters! We are thankful to Automattic for paying the bounties on behalf of the WordPress project.
The program and bounties cover all our projects including WordPress, BuddyPress, bbPress, GlotPress, and WP-CLI as well as all of our sites including WordPress.org, bbPress.org, WordCamp.org, BuddyPress.org, and GlotPress.org.
We’re planning a smaller WP release early next month, bringing in three major enhancements:
- An improved visual editor experience, with a new TinyMCE that allows you to navigate more intuitively in and out of inline elements like links. (Try it out to see, it’s hard to describe.)
- A revamp of the dashboard news widget to bring in nearby and upcoming events including meetups and WordCamps.
- Several new media widgets covering images, audio, and video, and an enhancement to the text widget to support visual editing.
The first beta of 4.8 is now available for testing. You can use the beta tester plugin (or just run trunk) to try the latest and greatest, and each of these areas could use a ton of testing. Our goals are to make editing posts with links more intuitive, make widgets easier for new users and more convenient for existing ones, and get many more people aware of and attending our community events.
Four point eight is here
Small changes with a big punch
Big ones come later
After almost sixty million downloads of WordPress 4.7, we are pleased to announce the immediate availability of WordPress 4.7.4, a maintenance release.
This release contains 47 maintenance fixes and enhancements, chief among them an incompatibility between the upcoming Chrome version and the visual editor, inconsistencies in media handling, and further improvements to the REST API. For a full list of changes, consult the release notes and the list of changes.
Download WordPress 4.7.4 or visit Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.4.
Thanks to everyone who contributed to 4.7.4:
Aaron Jorbin, Adam Silverstein, Andrea Fercia, Andrew Ozz, aussieguy123, Blobfolio, boldwater, Boone Gorges, Boro Sitnikovski, chesio, Curdin Krummenacher, Daniel Bachhuber, Darren Ethier (nerrad), David A. Kennedy, davidbenton, David Herrera, Dion Hulse, Dominik Schilling (ocean90), eclev91, Ella Van Dorpe, Gustave F. Gerhardt, ig_communitysites, James Nylen, Joe Dolson, John Blackbourn, karinedo, lukasbesch, maguiar, MatheusGimenez, Matthew Boynes, Matt Wiebe, Mayur Keshwani, Mel Choyce, Nick Halsey, Pascal Birchler, Peter Wilson, Piotr Delawski, Pratik Shrestha, programmin, Rachel Baker, sagarkbhatt, Sagar Prajapati, sboisvert, Scott Taylor, Sergey Biryukov, Stephen Edgar, Sybre Waaijer, Timmy Crawford, vortfu, and Weston Ruter.