WordPress 3.5.2 is now available. This is the second maintenance release of 3.5, fixing 12 bugs. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. The WordPress security team resolved seven security issues, and this release also contains some additional security hardening.
The security fixes included:
- Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
- Disallow contributors from improperly publishing posts, reported by Konstantin Kovshenin, or reassigning the post’s authorship, reported by Luke Bryan.
- An update to the SWFUpload external library to fix cross-site scripting vulnerabilities. Reported by mala and Szymon Gruszecki. (Developers: More on SWFUpload here.)
- Prevention of a denial of service attack, affecting sites using password-protected posts.
- An update to an external TinyMCE library to fix a cross-site scripting vulnerability. Reported by Wan Ikram.
- Multiple fixes for cross-site scripting. Reported by Andrea Santese and Rodrigo.
- Avoid disclosing a full file path when an upload fails. Reported by Jakub Galczyk.
Download WordPress 3.5.2 or update now from the Dashboard → Updates menu in your site’s admin area.
Based out of Boston, Massachusetts, DemoFlick came to us when their website was not reflecting the high quality explainer videos they were producing.
They laid out three goals for us to accomplish:
1) Show off their work more prominently.
2) Increase conversion.
3) Allow them to update their portfolio easily.
By placing quick contact forms throughout the site along with call-to-action buttons, we’re confident DemoFlick’s conversions will increase. We took our custom design and created a WordPress theme with custom post types that will allow DemoFlick to update their portfolio.
WordPress 3.6 Beta 1 is now available for download. Perhaps the most anticipated feature is the freshening up of the revisions section.
Here’s what else is new in 3.6:
- Post Formats: Post Formats now have their own UI, and theme authors have access to templating functions to access the structured data.
- Twenty Thirteen: We’re shipping this year’s default theme in our first release of the year. Twenty Thirteen is an opinionated, color-rich, blog-centric theme that makes full use of the new Post Formats support.
- Audio/Video: You can embed audio and video files into your posts without relying on a plugin or a third party media hosting service.
- Autosave: Posts are now autosaved locally. If your browser crashes, your computer dies, or the server goes offline as you’re saving, you won’t lose your post.
- Post Locking: See when someone is currently editing a post, and kick them out of it if they fall asleep at the keyboard.
- Nav Menus: Nav menus have been simplified with an accordion-based UI, and a separate tab for bulk-assigning menus to locations.
- Revisions: The all-new revisions UI features avatars, a slider that “scrubs” through history, and two-slider range comparisons.