
WordPress 2.6.5 in detail

WordPress 2.6.5 has been released and includes a number of changes, including one security fix. Here is a list of the changes in detail:

  • Added a check for the correct post_type to blogger.editPost and blogger.deletePost (#8267).
  • Updates to update_post_meta() and delete_post_meta() to ensure they work correctly with post revisions and don’t create the meta on the revision instead of on the post (#7925).
  • Protection against a very difficult to exploit XSS issue (#8291).
  • Fix for an XSS issue with the Atom and RSS feeds on some hosting setups ([9754], [9770]).

For a complete list of all the changes you can read this section of the branches/2.6 log on the WordPress bug tracker.

Note that we skipped version 2.6.4 and jumped from 2.6.3 to 2.6.5 to avoid confusion with a fake 2.6.4 release that made the rounds.

There is not and never will be a version 2.6.4.

WordPress weekly digest 24th December to 30th December 2007

It has been a busy week again for WordPress 2.4. The changes this week were:

  • Improvements and refactoring of the WXR importer including supporting zipped xml files (#5522).
  • Changes to allow the salt used by WordPress in password generation and other areas to be overridden using a define ([6478]).
  • Documentation for author-template.php, bookmark.php, bookmark-template.php, template-loader.php, compat.php, canonical.php and comment-template.php, and file-level phpdoc for some other files (#4393, #5523, #5521, #5513, #5510, #5526, #5528 and #5527).
  • Improved implementation of the JavaScript addLoadEvent function to speed up the execution of JavaScript on admin pages ([6482]).
  • Changes to wp-mail.php to escape the error messages when displaying them to avoid a possible XSS attack (#5484).
  • Changes to ensure that the post password is only exposed by the xmlrpc method metaWeblog.getRecentPosts to users with rights to edit a post (#5535).
  • Changes to the information exposed by the wp.getAuthors xmlrpc method to reduce the information exposed and add a capabilities check (#5534).
  • Addition of extra capabilities checks to xmlrpc methods ([6504]).
  • Addition of extra capabilities checks to the APP server ([6508]).
  • Changes to validate_file() to improve its traversal attempt detection when running on Windows ([6521]).
  • Changes to the magic number detection for gettext file loading for better support of 64-bit systems (#3780).
  • Fixes to the tag extraction code so as to not strip ‘s’ from either end (#5539).
  • Updated JavaScript libraries: Prototype 1.6.0 and script.aculo.us 1.8.0 (#5543).
  • Introduction of deprecated function and file use tracking functionality to allow theme and plugin developers to easily identify what is deprecated (#4361).
  • Better documentation for the_author() and prep_atom_text_construct() ([6515], [6516]).
  • Final deprecation of comments_rss() and create_user() ([6517]).
  • A change to avoid variable expansion in the invalid $table_prefix error message (#5546).

This week the list of changes is quite long even though a lot of time was spent on the preparation and testing of the recent WordPress 2.3.2 maintenance release, for which you can read a detailed list of the changes here. Don’t forget to upgrade!

You can read more about the support for theme and plugin developers to help identify which deprecated functions or files they might be using in this post: “Tracking deprecated functions”.

For even more information on some of the other little changes that went in this week you can read the whole weekly trac timeline.

WordPress 2.3.2 in detail

WordPress 2.3.2 has been released and includes a number of changes, including one security fix. Here is a list of most of the changes in detail:

  • Performance improvements for post sanitization when raw content is required (#5325).
  • Changes to is_admin() to ensure that it is only true for admin pages, thereby protecting against exposing draft posts (#5487).
  • Suppression of database errors unless WP_DEBUG is true (#5473).
  • Check for valid database connection information during install, and display an error if the install fails due to database rights (#5495).
  • Support for a custom database down page to be displayed on database connection errors (#5500).
  • Changes to make sure we are more selective in what we make clickable; this introduces different rules for different URI types ([6450]).
  • Changes to wp-mail.php to escape the error messages when displaying them to avoid a possible XSS attack (#5484).
  • Changes to ensure that the post password is only exposed by the xmlrpc method metaWeblog.getRecentPosts to users with rights to edit a post (#5535).
  • Changes to the information exposed by the wp.getAuthors xmlrpc method to reduce the information exposed and add a capabilities check (#5534).
  • Addition of extra capabilities checks to xmlrpc methods ([6504]).
  • Addition of extra capabilities checks to the APP server ([6508]).
  • Changes to validate_file() to improve its traversal attempt detection when running on Windows ([6521]).

For a complete list of all the changes you can read this section of the branches/2.3 log.

WordPress weekly digest 22nd October to 28th October 2007

This week the list of changes is quite short as a lot of time was spent on the preparation and testing of the recent WordPress 2.3.1 maintenance release; you can read a detailed list of the changes in my post from Friday.

The changes going into WordPress 2.4 this week have included:

  • An increase in the types of sorting supported by get_terms() (#5245).
  • Separation of taxonomy relationships into separate cache buckets ([6286], [6288]).
  • Fixes to the manage posts page to restore the filtering functionality with the new “infinite posts” feature (#5249).
  • A fix in install-helper.php so that you do not get errors when it is included from a plugin (#5090).

For even more information on some of the other little changes that went in this week you can read the whole weekly trac timeline.