WordPress 2.3.3 is an urgent security release. If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can get the entire release here.

Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an update is available from its author.

Since we are talking security, remember to use strong passwords and change them regularly.  While you’re updating WP and your plugins, consider refreshing your passwords.

WordPress 2.3.2 is an urgent security release that fixes a bug that can be used to expose your draft posts. 2.3.2 also suppresses some error messages that can give away information about your database table structure and limits and stops some information leaks in the XML-RPC and APP implementations. Get 2.3.2 now to protect your blog from these disclosures.

As a little bonus, 2.3.2 allows you to define a custom DB error page. Place your custom template at wp-content/db-error.php. If WP has a problem connecting to your database, this page will displayed rather than the default error message.

For more detail on what’s new in 2.3.2, view the list of fixed bugs and see the changes between 2.3.1 and 2.3.2.

Special thanks to Alex Concha for his help on this release.

A least for those of your in the Northern hemisphere, it’s been a little chilly recently. If you’re like me you’re thinking, “WordPress keeps my servers running hot, couldn’t it warm me too?”

Yes, it can.

You can now buy hip WordPress hoodies in our store so when you’re not blogging you can loiter around the neighborhood like the people in the picture above. As before, we ship locally and internationally.

If you find you’re still in the Open Source Hoodie mood afterward, you can check out this cool Firefox one from our friends at Mozilla.

Hint: Buy the hoodie a size larger than you normally would, they run small. They’ll begin processing the orders on January 2^nd.

WordPress 2.3.1 is now available. 2.3.1 is a bug-fix and security release for the 2.3 series.

2.3.1 fixes over twenty bugs. Some of the notable fixes are:

• Tagging support for Windows Live Writer
• Fixes for a login bug that affected those with a Blog Address different than
  their WordPress Address
• Faster taxonomy database queries, especially tag intersection queries
• Link importer fixes

Unfortunately, some security issues were found in 2.3. Janek Vind found an XSS problem that can be exploited if your php setup has register_globals enabled. For this reason, upgrading to 2.3.1 is advised.

The full set of changes between 2.3 and 2.3.1 is available for viewing on trac.

Get 2.3.1 from the download page and enjoy.

WordPress 2.3.1 is almost ready to go. Before we send it out the door, we’re making a release candidate available so everyone can give it a last look.

2.3.1 fixes over twenty bugs. Some of the notable fixes are:

• Tagging support for Windows Live Writer
• A login bug that affected those with a Blog Address different than
  their WordPress Address is fixed
• Faster taxonomy database queries, especially tag intersection queries
• Link importer fixes

More details will be provided in the final release announcement. Until then, download RC1 and let us know if it fixes a particular bug in 2.3 that was annoying you. If you find that something has broken since 2.3, please open a ticket so we can address the problem before the final 2.3.1 release.

I’m thrilled to announce that Version 2.3 “Dexter” of WordPress is now ready for the world. This release includes native tagging support, plugin update notification, URL handling improvements, and much more. This release is named for the great tenor saxophonist Dexter Gordon.

The entire team is really proud of this release, and I’m happy that this is our second on-time release under our new development schedule. The grand experiment of a more agile WordPress with significant features in the hands of users more often is working. I could write a blog post about each new feature, but I’ll try to be brief:

1. Native tagging support allows you to use tags in addition to categories on your posts, if you so choose. We’ve included importers for the Ultimate Tag Warrior, Jerome’s Keywords, Simple Tags, and Bunny’s Technorati Tag plugins so if you’ve already been using a tagging plugin you can bring your data into the new system. The tagging system is also wicked-fast, so your host won’t mind.
2. Our new update notification lets you know when there is a new release of WordPress or when any of the plugins you use has an update available. It works by sending your blog URL, plugins, and version information to our new api.wordpress.org service which then compares it to the plugin database and tells you whats the latest and greatest you can use.
3. We’ve cleaned up URLs a bunch in a feature we call canonical URLs which does things like enforce your no-www preference, redirect posts with changed slugs so a link never goes bad, redirect URLs that get cut off in emails on similar to the correct post, and much more. This helps your users, and it also helps your search engine optimization, as search engines like for each page to be available in one canonical location. More info here.
4. Our new pending review feature will be great for multi-author blogs. It allows authors to submit a post for review by an editor or administrator, where before they would just have to save a draft and hope someone noticed it.
5. There is new advanced WYSIWYG functionality (we call it the kitchen sink button) that allows you to access some features of TinyMCE that were previously hidden.

You’ll notice that two of those features are straight out of the most-voted for ideas list. That’s just the user facing stuff, if you’re a developer you’ll be interested in:

1. Full and complete Atom 1.0 support, including the publishing protocol.
2. We’re using the new jQuery which is “800% faster.”
3. Behind the user-facing tags system is a really kickass taxonomy system, which adds a ton of flexibility. It’s probably the biggest schema upgrade since version 1.5.
4. The importers have been revamped to be more memory efficient, and you can now add an importer through a plugin.
5. Through hooks and filters you can now override the update system, the dashboard RSS feeds, the feed parser, and tons more than you could in 2.2.
6. The new $wpdb->prepare() way of doing SQL queries.
7. Finally there were over 351 tickets in Trac closed for this release, with over a hundred people contributing. This is the polish, the hundreds of tiny bug fixes and features that make WordPress what it is.

You can view the Codex for more information about the release and some screenshots. And of course the place to download is always the same. Before you upgrade you may want to check out our Preparing for 2.3 post and the list of compatible plugins on the Codex.

A number of people are hosting upgrade parties around the world, including myself in San Francisco. If you are let me know and I’ll promote it on my blog.

If you follow WordPress development closely you’ve probably noticed a few new faces around lately, or to be more accurate a few old faces who are taking on bigger roles in the community. I would like to take this opportunity to announce and publicly congratulate Mark Jaquith and Peter Westwood who have both become lead developers, the highest development honor on WordPress.org.

Mark Jaquith has been using and contributing to WordPress since 2004. Mark especially enjoys watching people use WordPress to express themselves in areas of the world where free expression is suppressed. But, being a voracious consumer of information, he probably reads your cat blog too.

Peter works as an Embedded Software Engineer developing a web-enabled BMS controller. Using WordPress since version 1.0.1, Peter spends his spare time triaging bugs on Trac and investigating new open source tools. When not at the computer Peter can often be found photographing flowers, animals and cars and listening to a wide variety of music.

In just a few short days WordPress 2.3 will be coming out with tons of new features that (hopefully) will make you want to upgrade right away. Well while you have a bit of time over this lovely weekend, here are some things you can do to help yourself prepare for the big upgrade on Monday:

• Back up your blog. It never goes out of style, and we have a nifty Codex page with a few different methods.
• Check for the latest versions of your plugins. Here’s a list of known compatible and incompatible plugins with 2.3, Google Sitemaps seems to be one causing a lot of issues. (Forum thread.) Upgrading might get you cool new features anyway. Don’t forget about our plugin directory.
• Enjoy the last time you have to check for plugin updates manually, as 2.3 will do it magically behind the scenes.
• Read up on how to modify your theme to add tag support.
• Consider switching your install to use Subversion to make updating ultra-easy.
• Make a list of your friends who are less computer literate so you can help them upgrade. (Maybe throw an upgrade party?)

If you have any other ideas put them on your blog and pingback this post.

The first release candidate for WordPress 2.3 is now available. We’ve spent the week since beta 3 fixing bugs and shaping RC1 into release candidate material. If you would like try RC1 and help us get 2.3 ready for its final release on Monday the 24th, download RC1 here and report any bugs you find. Although we consider this release candidate to be stable, keep in mind that this is still pre-release software. You may find some lingering bugs. Please back up your database before upgrading. If you have problems with RC1, you will not be able to revert back to your previous release without a database backup.

And a big thanks to those of you who have been testing the betas and now the RC. Your efforts make 2.3 better for everyone.

Beta 3, the third and final beta for WordPress 2.3, is now available. Many bugs have been fixed since the second beta, and we could use your help finding and fixing more bugs in preparation for the first Release Candidate due next Monday. The standard disclaimer for betas applies. Beta 3 is pre-release software that is still being tested. If you would like try out Beta 3 and help report bugs, join the wp-testers mailing list and download beta 3 here.