WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues.
Both issues were analyzed and reported by Mario Heiderich, Masato Kinugawa, and Filedescriptor from Cure53. Thanks to the team for practicing responsible disclosure, and to the Plupload and MediaElement.js teams for working closely with us to coördinate and fix these issues.
Download WordPress 4.5.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.5.2.
Additionally, there are multiple widely publicized vulnerabilities in the ImageMagick image processing library, which is used by a number of hosts and is supported in WordPress. For our current response to these issues, see this post on the core development blog.
After about six million downloads of WordPress 4.5, we are pleased to announce the immediate availability of WordPress 4.5.1, a maintenance release.
This release fixes 12 bugs, chief among them a singular class issue that broke sites based on the Twenty Eleven theme, an incompatibility between certain Chrome versions and the visual editor, and an Imagick bug that could break media uploads. This maintenance release fixes a total of 12 bugs in Version 4.5. For more information, see the release notes or consult the list of changes.
Download WordPress 4.5.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.5.1.
Thanks to everyone who contributed to 4.5.1:
Version 4.5 of WordPress, named “Coleman” in honor of jazz saxophonist Coleman Hawkins, is available for download or update in your WordPress dashboard. New features in 4.5 help streamline your workflow, whether you’re writing or building your site.Editing Improvements Inline Linking
Stay focused on your writing with a less distracting interface that keeps you in place and allows you to easily link to your content.Formatting Shortcuts
Do you enjoy using formatting shortcuts for lists and headings? Now they’re even more useful, with horizontal lines and <code>.Customization Improvements Live Responsive Previews
Make sure your site looks great on all screens! Preview mobile, tablet, and desktop views directly in the customizer.Custom Logos
Themes can now support logos for your business or brand. Try it out with Twenty Sixteen and Twenty Fifteen in the Site Identity section of the customizer.Under the Hood Smart Image Resizing
Generated images now load up to 50% faster with no noticeable quality loss. It’s really cool.Selective Refresh
Better support has been added for script header/footer dependencies. New wp_add_inline_script() enables adding extra code to registered scripts.Better Embed Templates
jQuery 1.12.3, jQuery Migrate 1.4.0, Backbone 1.2.3, and Underscore 1.8.3 are bundled.The Crew
This release was led by Mike Schroder, backed up by Adam Silverstein as Release Deputy, Mel Choyce as Release Design Lead, and the help of these fine individuals. There are 298 contributors with props in this release. Pull up some Coleman Hawkins on your music service of choice, and check out some of their profiles:@mercime, Aaron D. Campbell, Aaron Edwards, Aaron Hockley, Aaron Jorbin, Abiral Neupane, Ahmad Awais, aidanlane, Amanda Rush, ambrosey, Andrea Fercia, Andrea Gandino, Andrew Nacin, Andrew Ozz, Andrew Rockwell, Andy, Ankit K Gupta, Anton Timmermans, apaliku, Aram Zucker-Scharff, ash.matadeen, Ashok Kumar Nath, BandonRandon, Barry Ceelen, Ben Dunkle, berengerzyla, Bernhard Riedl, Bhushan S. Jawle, Birgir Erlendsson (birgire), Boone B. Gorges, Brad Williams, Brady Vercher, Brandon Allen, Brandon Hubbard, Brandon Kraft, Brian Krogsgard, Bruno Borges, Callum Macdonald, Cami Kaos, Chandra Patel, Charles Fulton, Chetan Chauhan, Chouby, ChriCo, Chris Christoff, Chris Mok, Christoph Herr, ckoerner, Claudio Sanches, Compute, coreymcollins, d4z_c0nf, Daisuke Takahashi, danhgilmore, Daniel Bachhuber, Daniel Bailey, Daniel Jalkut (Red Sweater), Daniel Llewellyn, Daniele Scasciafratte, danielpataki, Danny van Kooten, Dave Clements, David A. Kennedy, David Brumbaugh, David Herrera, David Newton, David Shanske, Davide 'Folletto' Casali, Denis de Bernardy, Dennis Ploetner, Derek Herman, Dion Hulse, dmsnell, Dominik Schilling, Dossy Shiobara, Dotan Cohen, Dreb Bits, Drew Jaynes, duaneblake, Dzikri Aziz, Elio Rivero, Ella Iseulde Van Dorpe, Emerson Maningo, enej, Eric Andrew Lewis, Eric Binnion, Eric Daams, Erick Hitter, Evan Herman, Fabien Quatravaux, faishal, fantasyworld, Felix Arntz, finnj, firebird75, Fredrik Forsmo, fusillicode, Gary Jones, Gary Pendergast, gblsm, George Stephanis, Giuseppe Mamone, Giustino Borzacchiello, Grant Palin, groovecoder, Guido Scialfa, Gustavo Bordoni, hakre, Helen Hou-Sandí, Henry Wright, Hinaloe, Hugh Lashbrooke, Hugo Baeta, Iain Poulson, Ignacio Cruz Moreno, imath, Ionut Staicu, Ivan Kristianto, J.D. Grimes, jadpm, James DiGioia, Jason, Jasper de Groot, Jeffrey de Wit, Jeffrey Schutzman, Jennifer M. Dodd, Jeremy Felt, Jeremy Herve, Jeremy Pry, Jesin A, Jess G., Joan Boluda, Joe Hoyle, Joe McGill, joelerr, John Blackbourn, John James Jacoby, JohnnyPea, Jonathan Brinley, Jonny Harris, Jory Hogeveen, Joseph Fusco, Josh Levinson, Josh Pollock, jrchamp, jrf, Juanfra Aldasoro, Juhi Saxena, Julio Potier, katieburch, Kelly Dwan, Kevin Hagerty, Kiran Potphode, Kirk Wight, Kite, kjbenk, Konstantin Kovshenin, Konstantin Obenland, Konstantinos Kouratoras, KrissieV, Lance Willett, leemon, Lew Ayotte, Liam Dempsey, Luan Ramos, luciole135, Lukas Pawlik, Lutz Schröer, madvic, Marco Chiesi, Marin Atanasov, Mario Peshev, Mark Barnes, Mark Jaquith, Mark Uraine, Marko Heijnen, Martin Burke, Matt Mullenweg, Matt Wiebe, mattfelten, MattGeri, Matthew Ell, maweder, Mayo Moriyama, mcapybara, Mehul Kaklotar, Meitar, mensmaximus, Michael Arestad, michalzuber, micropat, Mika Epstein, Mike Glendinning, Mike Hansen, Mike Jolley, Milan Dinić, Morgan Estes, moto hachi ( mt8.biz ), Mr Papa, mwidmann, nexurium, Niall Kennedy, Nic Ford, Nick Halsey , Nilambar Sharma, Ninos, oaron, overclokk, Pascal Birchler, Pat O'Brien, Paul Bearne, Paul de Wouters, Payton Swick, Perez Labs, Pete Nelson, Peter Wilson, petermolnar, Petter Walbø Johnsgård, Pieter, Pippin Williamson, Pirate Dunbar, prettyboymp, Profforg, programmin, Rachel Baker, rahal.aboulfeth, Rami Yushuvaev, Rastislav Lamos, Ricky Lee Whittemore, Ritesh Patel, rob, Roger Chen, RomSocial, Ruud Laan, Ryan Boren, Ryan Kienstra, Ryan McCue, Ryan Welcher, Sagar Jadhav, Sal Ferrarello, salvoaranzulla, Sam Hotchkiss, Sara Rosso, sarciszewski, Scott Kingsley Clark, Scott Reilly, Scott Taylor, scottbrownconsulting, scribu, Sebastian Pisula, Sergej Müller, Sergey Biryukov, Shane, Shinichi Nishikawa, sidati, Siobhan, sky, slushman, smerriman, stephanethomas, Stephen Edgar, Stephen Harris, Steve Grunwell, Steven Word, Store Locator Plus, Subharanjan, Sudar Muthu, Sumit Singh, Taco Verdonschot, tahteche, Takashi Irie, Takayuki Miyoshi, Tammie Lister, tharsheblows, theMikeD, thomaswm, Timothy Jacobs, timplunkett, tmuikku, Toni Viemerö, Toro_Unit (Hiroshi Urabe), Tracy Levesque, Tran Ngoc Tuan Anh, Travis Smith, Ty Carlson, Ulrich, Utkarsh, vhomenko, virgodesign, vlad.olaru, voldemortensen, vtieu, webaware, Wesley Elfring, Weston Ruter, WisdmLabs, WP Delighter, xavortm, yetAnotherDaniel, and zinigor.
Finally, thanks to all of the contributors who provided translations for the release. WordPress 4.5 comes fully translated into 44 languages and the release video has been translated into 32 languages!
The second release candidate for WordPress 4.5 is now available.
We’ve made 91 changes since the first release candidate. RC means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.5 on Tuesday, April 12, but we need your help to get there.
If you haven’t tested 4.5 yet, now is the time!
Developers, please test your plugins and themes against WordPress 4.5 and update your plugin’s Tested up to version in the readme to 4.5. If you find compatibility problems, we never want to break things, so please be sure to post to the support forums so we can figure those out before the final release.
Polyglots, strings are now hard frozen, including the About Page, so you are clear to translate!
A few changes of note since the first release candidate:
- Normalized non-slashing of data in the REST API infrastructure. If you use the REST API infrastructure, check out the post on this change.
- Customizer settings for widget instances get registered a bit later to give a chance for the widget instances themselves to be registered first. See #36431 for details.
- Fixed various cropping issues in the Custom Logo feature and Twenty Fifteen / Twenty Sixteen themes.
It’s great fun to test
Enjoyment in another
Global WordPress Translation Day is a one-day contributor initiative organised by the WordPress project’s Polyglots team that is dedicated to helping new contributors who would like to translate WordPress in one of the 160 languages WordPress is available in.
Global WordPress Translation Day will be on Sunday, April 24th, starting at 0:00 UTC and will go on for 24 hours covering all time zones.
What are we doing?
- Live training: A 24h live streaming of tutorials about translating WordPress in different languages and making your code translatable (30min/1h sessions in different languages including a general instruction and specifics for that particular language). The internationalization sessions will be in English. The sessions will be presented by some of the most experienced WordPress translators and internationalization experts. The Schedule can be found on the website.
- Local translation contributor days: Groups of contributors gather at different locations and work face to face.
- Local remote translation contributor days: Current translation teams dedicate time and get involved remotely to do orientation for their potential contributors or work with their current translation teams on translating as many strings as they can.
If you organise a local meetup, why not organise a contributor day for translating in your language?
Join us! Read about the initiative and sign up as an organiser.
Can I get involved if I only speak English?
Yes! Even if you only speak English, it would be great to get involved and check out some of the English locale variants – English as spoken in the United Kingdom, Canada, New Zealand, Australia, South Africa. English has many variants across the globe and you can learn about the differences and why it’s important that users have the option to choose a variant during some of our sessions. And if you’re in a funky mood, you can give translating the interface into Emoji a try! Yes, we have a WordPress in Emoji locale!
The polyglots team and the event organisers hang out in #Polyglots in Slack. They will gladly help you out.