WordPress 4.9.1 Security and Maintenance Release

WordPress 4.9.1 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.

WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented in 4.9.1:

1. Use a properly generated hash for the newbloguser key instead of a determinate substring.
2. Add escaping to the language attributes used on html elements.
3. Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
4. Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.

Thank you to the reporters of these issues for practicing responsible security disclosure: Rahul Pratap Singh and John Blackbourn.

Eleven other bugs were fixed in WordPress 4.9.1. Particularly of note were:

• Issues relating to the caching of theme template files.
• A MediaElement JavaScript error preventing users of certain languages from being able to upload media files.
• The inability to edit theme and plugin files on Windows based servers.

This post has more information about all of the issues fixed in 4.9.1 if you'd like to learn more.

Download WordPress 4.9.1 or venture over to Dashboard → Updates and click "Update Now." Sites that support automatic background updates are already beginning to update automatically.

Thank you to everyone who contributed to WordPress 4.9.1:

Alain Schlesser, Andrea Fercia, Angelika Reisiger, Blobfolio, bobbingwide, Chetan Prajapati, Dion Hulse, Dominik Schilling (ocean90), edo888, Erich Munz, Felix Arntz, Florian TIAR, Gary Pendergast, Igor Benic, Jeff Farthing, Jeffrey Paul, jeremyescott, Joe McGill, John Blackbourn, johnpgreen, Kelly Dwan, lenasterg, Marius L. J., Mel Choyce, Mário Valney, natacado, odyssey, precies, Saša, Sergey Biryukov, and Weston Ruter.

WordPress 4.9.1 Security and Maintenance Release was originally posted at https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/

Video: How to Add Featured Images or Post Thumbnails in WordPress

WPBeginner - WordPress Tutorials originally appeared at https://www.youtube.com/watch?v=9admKGpM3A0

Video: How to use FTP to upload files to WordPress for Beginners

WPBeginner - WordPress Tutorials originally appeared at https://www.youtube.com/watch?v=x3zNBt_sHJU

WordPress 4.9 “Tipton”

WordPress 4.9 Release Candidate 3

The third release candidate for WordPress 4.9 is now available.

A release candidate (RC) means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. In fact, we did miss some things in RC1 and RC2. This third release candidate was not originally scheduled, but due a number of defects uncovered through your testing of RC2 (thank you!), we are putting out another 4.9 release candidate.

We hope to ship WordPress 4.9 on Tuesday, November 14 (that’s tomorrow) at 23:00 UTC, but we still need your help to get there. If you haven’t tested 4.9 yet, now is the time! If there are additional defects uncovered through testing between now and the release time, we may delay the 4.9 release to the following day.

To test WordPress 4.9, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip).

We’ve made just over 20 changes since releasing RC2 last week (as we did between RC1 and RC2). For more details about what’s new in version 4.9, check out the Beta 1, Beta 2, Beta 3, Beta 4, RC1, and RC2 blog posts. A few specific areas to test in RC3:

• Switching between the Visual and Text tabs of the editor, and the syncing of the cursor between those two tabs.
• Overriding linting errors in the Customizer’s Additional CSS editor.
• Adding nav menu items for Custom Links in the Customizer.
• Scheduling customization drafts (stubbed posts/pages) for publishing in the Customizer.
• Autosave revisions for changes in the Customizer.
• About page styling.

Developers, please test your plugins and themes against WordPress 4.9 and update your plugin’s Tested up to version in the readme to 4.9. If you find compatibility problems please be sure to post to the support forums so we can figure those out before the final release — we work hard to avoid breaking things. Please see the summative field guide to the 4.9 developer notes on the core development blog.

Do you speak a language other than English? Help us translate WordPress into more than 100 languages!

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

Didn’t squash them all 
We want to release Tuesday
New features not bugs

Thanks for your continued help testing out the latest versions of WordPress.

WordPress 4.9 Release Candidate 3 was originally posted at https://wordpress.org/news/2017/11/wordpress-4-9-release-candidate-3/

Video: How to Create a Custom WordPress Widget

WPBeginner - WordPress Tutorials originally appeared at https://www.youtube.com/watch?v=W1bRwUe4AeE

WordPress 4.9 Release Candidate 2

The second release candidate for WordPress 4.9 is now available.

A release candidate (RC) means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.9 on Tuesday, November 14 (just over one week from now), but we need your help to get there. If you haven’t tested 4.9 yet, now is the time!

To test WordPress 4.9, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip).

We’ve made just over 20 changes since releasing RC 1 last week. For more details about what’s new in version 4.9, check out the Beta 1, Beta 2, Beta 3, Beta 4, and RC1 blog posts. Specific areas to test in RC2:

• Theme installation in the Customizer.
• Scheduling changes for publishing in the Customizer.
• Switching themes with live preview in the Customizer.

Developers, please test your plugins and themes against WordPress 4.9 and update your plugin’s Tested up to version in the readme to 4.9. If you find compatibility problems please be sure to post to the support forums so we can figure those out before the final release — we work hard to avoid breaking things. Please see the summative field guide to the 4.9 developer notes on the core development blog.

Do you speak a language other than English? Help us translate WordPress into more than 100 languages!

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.

This week’s haiku is courtesy of @melchoyce:

We squashed all the bugs
But uh, if not, let us know
Also, test your stuff

Thanks for your continued help testing out the latest versions of WordPress.

WordPress 4.9 Release Candidate 2 was originally posted at https://wordpress.org/news/2017/11/wordpress-4-9-release-candidate-2/

Video: How to Increase the Maximum File Upload Size in WordPress

WPBeginner - WordPress Tutorials originally appeared at https://www.youtube.com/watch?v=eZgOQYXdLCk