Release of a new version of WordPress 4.2 Powell and a security breach
On April 23, WordPress v4.2 “Powell” was released, named after jazz singer Bud Powell, under the slogan Communicate and share, globally (“Communicate and share around the world”). In addition to a number of fixes and important changes, it is also distinguished by a vulnerability that allows hackers to gain full access to the updated site.
The new version of WordPress almost completely changes the Press This tool, adds support for Emoji emoticons, simplifies working with plugins and themes, and also adds several useful features for developers, which we will discuss below.
')
The Press This function has undergone a number of significant changes. Now it is a more convenient tool for creating notes and sketches, similar to a separate browser application. By adding it to your bookmarks, you can save any interesting information, or immediately share with readers of the blog.
With version 4.2, Emoji emoticons are supported, they can be used absolutely everywhere, even in the URL address of the page. Emoji is documented in Unicode and displayed on almost all modern operating systems and browsers. If your system does not support smiles, you can find them on special resources, for example, Get Emoji.
For the standard, Twemoji emoticons from Twitter were chosen. All faces are vector and will look equally good regardless of monitors and displays.
They will appear as their system emoji, but if your browser or operating system does not have their emoji, they will be replaced with Twemoji automatically.
To the category of new characters, you can add full support for the hieroglyphs of Asian countries.
The new configurator, which allows you to change and preview topics, received a search and the ability to do it all on the fly. The configurator itself began to work better, more stable and smoother. With us on TemplateMonster you can already find a huge number of themes for your site, adapted to the new version of WordPress 4.2 Powell: www.templatemonster.com/ru/wordpress-themes-type
Our latest Wordpress template 4.2 compatible
Updates now take place in one click, and are similar to application updates. This can now be done directly from the page of all your plugins, and you can now upgrade from the search and install page for new plugins.
A new wp.a11y.speak () method has appeared to increase the accessibility of interfaces for people with disabilities. It allows the browser to report what is “happening” on a web page.
For alerts on administrative pages, you can add new .notice and .is-dismissible classes, when you see WordPress add a small cross to hide the notification.
For the ability to save emoticons (Emoji) in WordPress added support for utf8mb4 encoding. Previously, installing WordPress in this encoding was quite problematic due to the size of the indexes in the database (creating some tables caused errors in MySQL at the time of installation). If your plugins create additional tables, fields or indexes in the database, we recommend checking their functionality and compatibility with utf8mb4 encoding.
The classes WP_Query, WP_Comment_Query, etc., were able to sort by specific meta-fields.
The remaining changes numbered more than 600. The most significant is the insertion of Tumblr and KickStarter directly into the text of your blog. The default color scheme has become more harmonious, and so on.
All changes can be viewed here .
If you opened this article just for the sake of vulnerability information, here it is: after upgrading to the Powell version, sites with TwentyFifteen themes and the JetPack plugin become open to attack. Hackers can be tricked into clicking on one link and gaining full access to your site.
Fortunately, the solution to the problem is very simple: remove example.html and upgrade to version 4.2.1 released two days after identifying the problem. If you are at risk, we strongly recommend that you do it right now.
The TemplateMonster service team wishes you a convenient and secure CMS!
The new version of WordPress almost completely changes the Press This tool, adds support for Emoji emoticons, simplifies working with plugins and themes, and also adds several useful features for developers, which we will discuss below.
Don't Press This
')
The Press This function has undergone a number of significant changes. Now it is a more convenient tool for creating notes and sketches, similar to a separate browser application. By adding it to your bookmarks, you can save any interesting information, or immediately share with readers of the blog.
Emoticons
With version 4.2, Emoji emoticons are supported, they can be used absolutely everywhere, even in the URL address of the page. Emoji is documented in Unicode and displayed on almost all modern operating systems and browsers. If your system does not support smiles, you can find them on special resources, for example, Get Emoji.
For the standard, Twemoji emoticons from Twitter were chosen. All faces are vector and will look equally good regardless of monitors and displays.
They will appear as their system emoji, but if your browser or operating system does not have their emoji, they will be replaced with Twemoji automatically.
To the category of new characters, you can add full support for the hieroglyphs of Asian countries.
Topic Management
The new configurator, which allows you to change and preview topics, received a search and the ability to do it all on the fly. The configurator itself began to work better, more stable and smoother. With us on TemplateMonster you can already find a huge number of themes for your site, adapted to the new version of WordPress 4.2 Powell: www.templatemonster.com/ru/wordpress-themes-type
Our latest Wordpress template 4.2 compatible
Plugin update
Updates now take place in one click, and are similar to application updates. This can now be done directly from the page of all your plugins, and you can now upgrade from the search and install page for new plugins.
Changes for developers
A new wp.a11y.speak () method has appeared to increase the accessibility of interfaces for people with disabilities. It allows the browser to report what is “happening” on a web page.
For alerts on administrative pages, you can add new .notice and .is-dismissible classes, when you see WordPress add a small cross to hide the notification.
For the ability to save emoticons (Emoji) in WordPress added support for utf8mb4 encoding. Previously, installing WordPress in this encoding was quite problematic due to the size of the indexes in the database (creating some tables caused errors in MySQL at the time of installation). If your plugins create additional tables, fields or indexes in the database, we recommend checking their functionality and compatibility with utf8mb4 encoding.
The classes WP_Query, WP_Comment_Query, etc., were able to sort by specific meta-fields.
Other changes
The remaining changes numbered more than 600. The most significant is the insertion of Tumblr and KickStarter directly into the text of your blog. The default color scheme has become more harmonious, and so on.
All changes can be viewed here .
Vulnerability
If you opened this article just for the sake of vulnerability information, here it is: after upgrading to the Powell version, sites with TwentyFifteen themes and the JetPack plugin become open to attack. Hackers can be tricked into clicking on one link and gaining full access to your site.
Fortunately, the solution to the problem is very simple: remove example.html and upgrade to version 4.2.1 released two days after identifying the problem. If you are at risk, we strongly recommend that you do it right now.
The TemplateMonster service team wishes you a convenient and secure CMS!
Source: https://habr.com/ru/post/258281/
All Articles