April has been a particularly busy month in the community — we’ve got a new WordPress release, a whole lot of security concerns and some interesting business developments.
WordPress 4.2 & 4.2.1
After a series of beta releases and four release candidates, WordPress 4.2 was released a day later than originally slated. Within 24 hours of release, v4.2.1 was also released to fix a potential cross-site scripting (XSS) vulnerability – this was pushed out as an automatic update and the same fix was applied to the 4.0 and 4.1 branches so older versions were also patched at the same time.
The XSS vulnerability that was patched in v4.2.1 was the last in a series of security concerns that have affected WordPress recently. Some of these concerns were isolated to specific plugins, but this one was essentially the result of poor documentation affected a thousands of plugins in the WordPress repository and resulted in a coordinated effort by plugin developers to patch as many of them as possible. You can read more about the issue and how to fix it in your plugins here.
It’s worth noting that this was not due to a bug — instead it was due to the fact that the WordPress core documentation did not adequately describe how certain functions work. This serves to highlight that not only is the WordPress code base open-source, but so is the documentation, and it is up to every user to make sure that the resources available to the community are kept up to date and relevant as much as possible.
Elto joins GoDaddy
Elto (formerly known as Tweaky) has joined GoDaddy to enhance their efforts to create a global WordPress marketplace that can serve businesses of all sizes. Aside from being a significant boost to Elto’s footprint, this move also helps to solidify GoDaddy’s presence in the WordPress community.
WordPress 4.3 & 4.4 release leads
At the beginning of the month (before WordPress 4.2 was released), the individuals who would be leading the next two releases of WordPress (v4.3 and v4.4) were announced. While release leads have been rotating since v3.5, this is the first time that they have been announced so far in advance, which, amongst other things, allows for these releases to be more smoothly planned and to work more effectively in unison.
The release lead for WordPress 4.3 is Konstantin Obenland and for 4.4 it is Scott Taylor, both of whom have been actively involved in the project for many years and are easily recognizable for their huge contributions so far.
WordPress 4.3 development
Shortly after the release of WordPress 4.2, Konstantin Obenland started the 4.3 development cycle with a kickoff post as well as the project schedule. This release is going to have a strong focus on the admin UI as well as the mobile experience of WordPress, but if there’s a particular ticket that you would like to see included in this release, you can add it to this post.
There was a lot more news this month that is worthwhile taking note of. Have a look at a few of the links below for some interesting stories and updates:
- ManageWP launched a WordPress events portal
- The WordPress REST API has reached v2 beta-1
- Obox has teamed up with Envato to manage their official Layers marketplace
- WordPress 4.2 included some significant accessibility enhancements that all theme and plugin developers should take note of
- Postmatic is now officially out of beta and brings email-based commenting to WordPress for everyone