Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”
This issue affects all versions of WordPress prior to 3.0.4, so if you are still on a 2.X release you need to update as well.
I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.
If you are a security researcher, we’d appreciate you taking a look over this changeset as well to review our update. We’ve given it a lot of thought and review but since this is so core we want as many brains on it as possible. Thanks to Mauro Gentile and Jon Cave (duck_) who discovered and alerted us to these XSS vulnerabilities first.
Summary:
Generate images with text using Imagick extension
Description:
This class can be used to generate images with text using Imagick extension.
It can create an image and overlay one or more images and text strings. It can also add a border to the final image.
The generated image can be saved to a file in JPEG format or served as the current script output.
Summary:
Take backups of cPanel based hosting accounts
Description:
This class can be used to take backups of cPanel based hosting accounts.
It sends HTTP requests to a cPanel hosting panel server to request a backup of a given user account.
The backup data is saved to a given local file.
Summary:
Compose and send e-mail messages with attachments
Description:
This class can be used to compose and send e-mail messages with attachments.
It can compose e-mail messages given the headers and body values.
The class can attach multiple attachment files to the message.
The composed message is sent with the mail function.
I am often asked how decisions are made for WordPress, who’s involved in decision-making, and how the open source project is structured in general. WordPress is a meritocracy, meaning that anyone can get involved, and a combination of the quality of someone’s contributions and their level of interest/time commitment will determine how much influence they have over decisions. Because these factors vary, we have several levels of contributors to the core WordPress application, ranging from full-time lead developers to casual one-patch contributors.
I loved it when that Intel commercial in 2009 gave Ajay Bhatt, co-inventor of the USB, some recognition as a rock star of geekland (though I hated it that it wasn’t actually Ajay Bhatt, but an actor — way to kill the message, Intel).1 In WordPress-land, most people know who Matt Mullenweg is, but most of the other leaders and contributors are much less visible. Moving forward, I’m going to be posting profiles here of some of our more dedicated contributors.
Why now? We’re coming up on the second annual WordPress core leadership meetup in January 2011, and we’re thinking we’ll hold a video town hall at some point during our time together. Between now and then the profiles I post will be of the core developers who will be at the meetup. After that, I’ll be branching out and posting about other contributors, including developers, designers, forum moderators, etc.
I’ll post here in January when we have dates/times set for the video town hall. In the meantime, you can submit questions for us to answer then in the forum thread What Should 2011 Hold for WordPress?
To get a sense of how all these people fit together and how decisions are made, you can check out the presentation I did at WordCamp Portland in October on How WordPress Decisions Get Made.
1 – And how lame is it that Conan O’Brien’s interview with the real Ajay Bhatt is no longer available on The Tonight Show’s website, and everyone’s embedded videos are blank? I found a copy of it here. And here’s the original Intel commercial if you were living under a rock and never saw it.
Summary:
Display paginated MySQL results updated using AJAX
Description:
This class can be used to display paginated MySQL query results updated using AJAX requests.
It can execute a given MySQL query and generate a response to update a page that shows different pages of query results using AJAX to avoid page reloading.