WordPress.org

The release candidate for WordPress 4.6 is now available.

We’ve made a few refinements since releasing Beta 4 a week ago. RC means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.6 on Tuesday, August 16, but we need your help to get there.

If you haven’t tested 4.6 yet, now is the time!

Think you’ve found a bug? Please post to the Alpha/Beta support forum. If any known issues come up, you’ll be able to find them here.

To test WordPress 4.6, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip).

For more information about what’s new in version 4.6, check out the Beta 1, Beta 2, Beta 3, and Beta 4 blog posts.

Developers, please test your plugins and themes against WordPress 4.6 and update your plugin’s Tested up to version in the readme to 4.6. If you find compatibility problems please be sure to post to the support forums so we can figure those out before the final release – we never want to break things.

Be sure to read the in-depth field guide, a post with all the developer-focused changes that take place under the hood.

Do you speak a language other than English? Help us translate WordPress into more than 100 languages!

Happy testing!

Der Sommer ist da,
Zeit für ein neues Release.
Bald ist es soweit.

WordPress 4.6 Beta 4 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.6, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

For more information on what’s new in 4.6, check out the Beta 1, Beta 2, and Beta 3 blog posts, along with in-depth field guides. This is the final planned beta of WordPress 4.6, with a release candidate scheduled for next week.

Some of the fixes in Beta 4 include:

• Media: alt attributes are now always added to images inserted from URLs (#36735).
• Object subtype handling has been removed from register_meta(). Details about this change are explained in a post for developers.
• Resource hints are now limited to enqueued assets (#37385).
• A regression with query alterations introduced by the new WP_Term_Query has been fixed (#37378).
• The Ajax searches for installed and new plugins have been enhanced to fix several accessibility issues and to improve compatibility with older browsers. (#37233, #37373)
• The media player MediaElement.js has been updated to 2.22.0 to fix YouTube video embeds (#37363).
• The Import screen was overhauled, improving accessibility and making it much easier to install and run an importer (#35191).
• Emoji support has been updated to include all of the latest Unicode 9 emoji characters (#37361). 🤠🥕🥓🕺🏽🤝🏿
• Various bug fixes. We’ve made more than 60 changes during the last week.

Do you speak a language other than English? Help us translate WordPress into more than 100 languages!

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable writing a bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed.

Happy testing!

This is Beta 4,
The last before RC 1.
Please test all the things.

WordPress 4.6 Beta 3 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.6, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

For more information on what’s new in 4.6, check out the Beta 1 and Beta 2 blog posts, along with in-depth field guides on make/core. Some of the fixes in Beta 3 include:

• Revisions: Autosaves can now be restored when revisions are disabled (#36262).
• An improved handling of PHP’s memory limit which doesn’t lower the limit anymore (#32075).
• TinyMCE has been updated to 4.4.0 (#37327).
• HTTP API: Proxy settings weren’t honored by the new HTTP library. This has been fixed (#37107).
• Improved handling of UTF-8 address headers for emails (#21659).
• Various bug fixes. We’ve made more than 65 changes during the last week.

Do you speak a language other than English? Help us translate WordPress into more than 100 languages!

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable writing a bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed.

Happy testing!

Beta 3 is here,
The more testing, the better.
Gotta catch ‘em all!

WordPress 4.6 Beta 2 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.6, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

Notable changes since WordPress 4.6 Beta 1:

• Meta: The fallback authentication for the previous registration method has been restored. Also, retrieving registered metadata now works and non-core object types are no longer forcibly blocked. See #35658.
• REST API: The order of setting sanitization and validation has been reversed; validation now occurs prior to sanitization. Previously, the sanitization callback ran before the validation callback. See #37192.
• Customize: The order of setting sanitization and validation has been reversed; validation now occurs prior to sanitization. See #37247.
• HTTP API: WP_Http::request() returns an array again. See #37097.
• Various bug fixes. We’ve made just over 50 changes in the last week.

For more of what’s new in version 4.6, check out the Beta 1 blog post.

Do you speak a language other than English? Help us translate WordPress into more than 100 languages!

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable writing a bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed.

Happy testing!

Teenage Beta 2
Thirteen years of pressing words
Rejoice with testing!

WordPress 4.6 Beta 1 is now available!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.6, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

WordPress 4.6 is slated for release on August 16, but to get there, we need your help testing what we have been working on, including:

• Shiny Updates v2 ([37714]) – Shiny Updates replaces progress updates with a simpler and more straight forward experience when installing, updating, and deleting plugins and themes.
• Native Fonts in the Admin (#36753) – Experience faster load times, especially when working offline, a removal of a third-party dependency, and a more native-feeling experience as the lines between the mobile web and native applications continue to blur.
• Editor Improvements – A more reliable recovery mode (#37025) and detection of broken URLs while you type them (#36638).

There have been changes for developers to explore as well:

• Resource Hints (#34292) – Allow browsers to prefetch specific pages, render them in the background, perform DNS lookups, or to begin the connection handshake (DNS, TCP, TLS) in the background.
• New WP_Site_Query (#35791) and WP_Network_Query (#32504) classes to query sites and networks with lazy loading for details.
• Requests (#33055) – A new PHP library for HTTP requests that supports parallel requests and more.
• WP_Term_Query (#35381) is modeled on existing query classes and provides a more consistent structure for generating term queries.
• Language Packs (#34114, #34213) – Translations managed through translate.wordpress.org now have a higher priority and are loaded just-in-time.
• WP_Post_Type (#36217) provides easier access to post type objects and their underlying properties.
• The Widgets API (#28216) was enhanced to support registering pre-instantiated widgets.
• Index definitions are now normalized by dbDelta() ([37583]).
• Comments can now be stored in a persistent object cache (#36906).
• External Libraries were updated to the latest versions – Masonry to 3.3.2 and imagesLoaded to 3.2.0 (#32802), MediaElement.js to 2.21.2 (#36759), and TinyMCE to 4.3.13 (#37225).
• REST API responses now include an auto-discovery header (#35580) and a refreshed nonce when responding to an authenticated response (#35662).
• Expanded Meta Registration API via register_meta() (#35658).
• Customizer – Improved API for setting validation (#34893, #36944).

If you want a more in-depth view of what major changes have made it into 4.6, check out posts tagged with 4.6 on the main development blog, or look at a list of everything that’s changed.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on the WordPress Trac. There, you can also find a list of known bugs.

Happy testing!

More Shiny Updates
In 4.6 Beta 1.
And Font Natively.

WordPress 4.5.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.5.2 and earlier are affected by several security issues: redirect bypass in the customizer, reported by Yassine Aboukir; two different XSS problems via attachment names, reported by Jouko Pynnönen and Divyesh Prajapati; revision history information disclosure, reported independently by John Blackbourn from the WordPress security team and by Dan Moen from the Wordfence Research Team; oEmbed denial of service reported by Jennifer Dodd from Automattic; unauthorized category removal from a post, reported by David Herrera from Alley Interactive; password change via stolen cookie, reported by Michael Adams from the WordPress security team; and some less secure sanitize_file_name edge cases reported by Peter Westwood of  the WordPress security team.

Thank you to the reporters for practicing responsible disclosure.

In addition to the security issues above, WordPress 4.5.3 fixes 17 bugs from 4.5, 4.5.1 and 4.5.2. For more information, see the release notes or consult the list of changes.

Download WordPress 4.5.3 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.5.3.

Thanks to everyone who contributed to 4.5.3:

Boone Gorges, Silvan Hagen, vortfu, Eric Andrew Lewis, Nikolay Bachiyski,  Michael Adams, Jeremy Felt, Dominik Schilling, Weston Ruter, Dion Hulse, Rachel Baker, Alex Concha, Jennifer M. Dodd, Brandon Kraft, Gary Pendergast, Ella Iseulde Van Dorpe, Joe McGill, Pascal Birchler, Sergey Biryukov, David Herrera and Adam Silverstein.

WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues.

Both issues were analyzed and reported by Mario Heiderich, Masato Kinugawa, and Filedescriptor from Cure53. Thanks to the team for practicing responsible disclosure, and to the Plupload and MediaElement.js teams for working closely with us to coördinate and fix these issues.

Download WordPress 4.5.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.5.2.

Additionally, there are multiple widely publicized vulnerabilities in the ImageMagick image processing library, which is used by a number of hosts and is supported in WordPress. For our current response to these issues, see this post on the core development blog.

After about six million downloads of WordPress 4.5, we are pleased to announce the immediate availability of WordPress 4.5.1, a maintenance release.

This release fixes 12 bugs, chief among them a singular class issue that broke sites based on the Twenty Eleven theme, an incompatibility between certain Chrome versions and the visual editor, and an Imagick bug that could break media uploads. This maintenance release fixes a total of 12 bugs in Version 4.5. For more information, see the release notes or consult the list of changes.

Download WordPress 4.5.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.5.1.

Thanks to everyone who contributed to 4.5.1:

Aaron Jorbin, Andrea Fercia, Andrew Ozz, Boone Gorges, Dominik Schilling, Felix Arntz, Gary Pendergast, gblsm, Helen Hou-Sandi, Joe McGill, John Blackbourn, Nick Halsey, Pascal Birchler, and Pieter.

Version 4.5 of WordPress, named “Coleman” in honor of jazz saxophonist Coleman Hawkins, is available for download or update in your WordPress dashboard. New features in 4.5 help streamline your workflow, whether you’re writing or building your site.

---

Editing Improvements

Inline Linking

Stay focused on your writing with a less distracting interface that keeps you in place and allows you to easily link to your content.

Formatting Shortcuts

Do you enjoy using formatting shortcuts for lists and headings? Now they’re even more useful, with horizontal lines and <code>.

---

Customization Improvements

Live Responsive Previews

Make sure your site looks great on all screens! Preview mobile, tablet, and desktop views directly in the customizer.

Custom Logos

Themes can now support logos for your business or brand. Try it out with Twenty Sixteen and Twenty Fifteen in the Site Identity section of the customizer.

---

Under the Hood

---

The Crew

This release was led by Mike Schroder, backed up by Adam Silverstein as Release Deputy, Mel Choyce as Release Design Lead, and the help of these fine individuals. There are 298 contributors with props in this release. Pull up some Coleman Hawkins on your music service of choice, and check out some of their profiles:

@mercime, Aaron D. Campbell, Aaron Edwards, Aaron Hockley, Aaron Jorbin, Abiral Neupane, Ahmad Awais, aidanlane, Alice Brosey, Amanda Rush, Andrea Fercia, Andrea Gandino, Andrew Nacin, Andrew Ozz, Andrew Rockwell, Andy Meerwaldt, Ankit K Gupta, Anton Timmermans, apaliku, Aram Zucker-Scharff, ash.matadeen, Ashok Kumar Nath, BandonRandon, Barry Ceelen, Ben Dunkle, berengerzyla, Bernhard Riedl, Bhushan S. Jawle, Birgir Erlendsson (birgire), Boone B. Gorges, Brad Williams, Brady Vercher, Brandon Allen, Brandon Hubbard, Brandon Kraft, Brian Krogsgard, Bruno Borges, Callum Macdonald, Cami Kaos, Chandra Patel, Charles Fulton, Chetan Chauhan, Chouby, ChriCo, Chris Christoff, Chris Mok, christophherr, ckoerner, Claudio Sanches, Compute, coreymcollins, d4z_c0nf, Daisuke Takahashi, danhgilmore, Daniel Bachhuber, Daniel Bailey, Daniel Jalkut (Red Sweater), Daniel Llewellyn, Daniele Scasciafratte, danielpataki, Danny van Kooten, Dave Clements, David A. Kennedy, David Brumbaugh, David Herrera, David Newton, David Shanske, Davide 'Folletto' Casali, Denis de Bernardy, Dennis Ploetner, Derek Herman, Dion Hulse, dmsnell, Dominik Schilling, Dossy Shiobara, Dotan Cohen, Dreb Bits, Drew Jaynes, duaneblake, Dzikri Aziz, Elio Rivero, Ella Iseulde Van Dorpe, Emerson Maningo, Enej Bajgoric, Eric Andrew Lewis, Eric Binnion, Eric Daams, Erick Hitter, Evan Herman, Fabien Quatravaux, faishal, fantasyworld, Felix Arntz, finnj, firebird75, Fredrik Forsmo, fusillicode, Gary Jones, Gary Pendergast, gblsm, George Stephanis, Giuseppe Mamone, Giustino Borzacchiello, Grant Palin, groovecoder, Guido Scialfa, Gustavo Bordoni, hakre, Helen Hou-Sandí, Henry Wright, Hinaloe, Hugh Lashbrooke, Hugo Baeta, Iain Poulson, Ignacio Cruz Moreno, imath, Ionut Staicu, Ivan Kristianto, J.D. Grimes, jadpm, James DiGioia, Jason Adams, Jasper de Groot, Jeffrey de Wit, Jeffrey Schutzman, Jennifer M. Dodd, Jeremy Felt, Jeremy Herve, Jeremy Pry, Jesin A, Jess G., Joan Boluda, Joe Hoyle, Joe McGill, joelerr, John Blackbourn, John James Jacoby, JohnnyPea, Jonathan Brinley, Jonny Harris, Jory Hogeveen, Joseph Fusco, Josh Levinson, Josh Pollock, jrchamp, jrf, Juanfra Aldasoro, Juhi Saxena, Julio Potier, katieburch, Kelly Dwan, Kevin Hagerty, Kiran Potphode, Kirk Wight, Kite, kjbenk, Konstantin Kovshenin, Konstantin Obenland, Konstantinos Kouratoras, KrissieV, Lance Willett, leemon, Lew Ayotte, liamdempsey, Luan Ramos, luciole135, Lukas Pawlik, Lutz Schröer, madvic, Marco Chiesi, Marin Atanasov, Mario Peshev, Mark Barnes, Mark Jaquith, Mark Uraine, Marko Heijnen, Martin Burke, Matt Felten, Matt Mullenweg, Matt Wiebe, MattGeri, maweder, Mayo Moriyama, mcapybara, Mehul Kaklotar, Meitar, mensmaximus, Michael Arestad, michalzuber, micropat, Mika Epstein, Mike Glendinning, Mike Hansen, Mike Jolley, Milan Dinić, Morgan Estes, moto hachi ( mt8.biz ), Mr Papa, mwidmann, nexurium, Niall Kennedy, Nic Ford, Nick Halsey , Nilambar Sharma, Ninos, oaron, overclokk, Pascal Birchler, Pat O'Brien, Paul Bearne, Paul de Wouters, Payton Swick, Perez Labs, Pete Nelson, Peter Wilson, petermolnar, Petter Walbø Johnsgård, Pieter, Pippin Williamson, Pirate Dunbar, prettyboymp, Profforg, programmin, Rachel Baker, rahal.aboulfeth, Rami Yushuvaev, Rastislav Lamos, Ricky Lee Whittemore, Ritesh Patel, rob, Roger Chen, RomSocial, Ruud Laan, Ryan Boren, Ryan Kienstra, Ryan McCue, Ryan Welcher, Sagar Jadhav, Sal Ferrarello, salvoaranzulla, Sam Hotchkiss, Sara Rosso, Scott Arciszewski, Scott Kingsley Clark, Scott Reilly, Scott Taylor, scottbrownconsulting, scribu, Sebastian Pisula, Sergej Müller, Sergey Biryukov, Shane, Shinichi Nishikawa, Sidati, Siobhan, sky, slushman, smerriman, stephanethomas, Stephen Edgar, Stephen Harris, Steve Grunwell, Steven Word, Store Locator Plus, Subharanjan, Sudar Muthu, Sumit Singh, Taco Verdonschot, tahteche, Takashi Irie, Takayuki Miyoshi, Tammie Lister, tharsheblows, theMikeD, thomaswm, Timothy Jacobs, timplunkett, tmuikku, Toni Viemerö, Toro_Unit (Hiroshi Urabe), Tracy Levesque, Tran Ngoc Tuan Anh, Travis Smith, Ty Carlson, Ulrich, Utkarsh, vhomenko, virgodesign, vlad.olaru, voldemortensen, vtieu, webaware, Wesley Elfring, Weston Ruter, WisdmLabs, WP Delighter, wp-architect, xavortm, yetAnotherDaniel, and zinigor.

 

Special thanks go to Siobhan McKeown for producing the release video and Jack Lenox for the voice-over.

Finally, thanks to all of the contributors who provided translations for the release. WordPress 4.5 comes fully translated into 44 languages and the release video has been translated into 32 languages!

If you want to follow along or help out, check out Make WordPress and our core development blog. Thanks for choosing WordPress. See you soon for version 4.6!

The second release candidate for WordPress 4.5 is now available.

We’ve made 91 changes since the first release candidate. RC means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.5 on Tuesday, April 12, but we need your help to get there.

If you haven’t tested 4.5 yet, now is the time!

Think you’ve found a bug? Please post to the Alpha/Beta support forum. If any known issues come up, you’ll be able to find them here.

To test WordPress 4.5, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip).

For more information about what’s new in version 4.5, check out the Beta 1, Beta 2, Beta 3, and Beta 4 blog posts.

Developers, please test your plugins and themes against WordPress 4.5 and update your plugin’s Tested up to version in the readme to 4.5. If you find compatibility problems, we never want to break things, so please be sure to post to the support forums so we can figure those out before the final release.

Polyglots, strings are now hard frozen, including the About Page, so you are clear to translate!

A few changes of note since the first release candidate:

• Normalized non-slashing of data in the REST API infrastructure. If you use the REST API infrastructure, check out the post on this change.
• Customizer settings for widget instances get registered a bit later to give a chance for the widget instances themselves to be registered first. See #36431 for details.
• Fixed various cropping issues in the Custom Logo feature and Twenty Fifteen / Twenty Sixteen themes.

Be sure to follow along the core development blog, where you can find the Field Guide for 4.5.

It’s great fun to test
Enjoyment in another
Release Candidate