For the first REST API release of 2016, we bring you: 2.0 Beta 10 “Chief Wiggum”. Because we’ve got security releases too, Ralphie.
Security Releases
On Friday, we discovered that attachments uploaded to private posts are publicly queryable through the REST API. This is a form of information disclosure because WordPress’ permissions model is such that attachments uploaded to posts should inherit the visibility of their parent post.
All previous versions of the plugin are affected. All WP REST API users are strongly encouraged to update immediately. Many prior releases have been separately patched. If you’re still using WP-API v1.x, you can update to v1.2.5. If you’re on an older 2.0 Beta for whatever reason, we’ve tagged versions 2.0 Beta 3.1, 4.1, 5.1, 6.1, 7.1, 8.1, and 9.1.
If you believe you have discovered a potential security vulnerability with the WP REST API, please disclose it to us privately by sending an email to security@wordpress.org. Security issues can also be reported via HackerOne.
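The inheritance rule described above, as an added example in plain PHP: a simplified model, not the WP REST API plugin's code or its patch. The post table, IDs, users and function names are constructed for illustration, and the model assumes that only a private post's author may read it and that unattached media is public.

```php
<?php
// Simplified model of attachment visibility; constructed sample data, not WordPress code.
// WordPress stores attachments with post_status 'inherit', so the attachment row
// alone says nothing about whether its parent post is private.
$posts = [
    10 => ['type' => 'post',       'status' => 'publish', 'author' => 1, 'parent' => 0],
    11 => ['type' => 'post',       'status' => 'private', 'author' => 1, 'parent' => 0],
    20 => ['type' => 'attachment', 'status' => 'inherit', 'author' => 1, 'parent' => 10],
    21 => ['type' => 'attachment', 'status' => 'inherit', 'author' => 1, 'parent' => 11],
    22 => ['type' => 'attachment', 'status' => 'inherit', 'author' => 1, 'parent' => 0],  // unattached
    23 => ['type' => 'attachment', 'status' => 'inherit', 'author' => 1, 'parent' => 99], // parent missing
];

// Weak check: looks only at the attachment itself, so media on private posts is exposed.
function can_read_naive(array $posts, int $id, ?int $viewer): bool {
    return isset($posts[$id]) && $posts[$id]['type'] === 'attachment';
}

// Inherited check: resolve 'inherit' to the parent post and decide on the parent.
function can_read_inherited(array $posts, int $id, ?int $viewer, int $depth = 0): bool {
    if (!isset($posts[$id]) || $depth > 5) {
        return false; // unknown post or suspicious parent chain: fail closed
    }
    $post = $posts[$id];
    switch ($post['status']) {
        case 'publish':
            return true;
        case 'private':
            // Model assumption: only the author may read a private post.
            return $viewer !== null && $viewer === $post['author'];
        case 'inherit':
            if ($post['parent'] === 0) {
                return true; // model assumption: unattached media is public
            }
            return can_read_inherited($posts, $post['parent'], $viewer, $depth + 1);
        default:
            return false; // drafts, trash, anything else: not readable here
    }
}

// Compare both checks for an anonymous viewer (null) and for the author (user 1).
foreach ([20, 21, 22, 23] as $id) {
    printf("attachment %d  naive(anon)=%s  inherited(anon)=%s  inherited(author)=%s\n",
        $id,
        var_export(can_read_naive($posts, $id, null), true),
        var_export(can_read_inherited($posts, $id, null), true),
        var_export(can_read_inherited($posts, $id, 1), true));
}
```

Attachment 21, whose parent is the private post 11, is the case the security release concerns: the naive check exposes it to anonymous requests, while the inherited check returns it only to the parent's author.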
Version 2.0 Beta 10
Here are some of the highlights of Beta 10:
- Breaking changes:
  - Removes compatibility repo for WordPress 4.3. WordPress 4.4 is now the minimum supported version.
  - Changes link relation for types and taxonomies. In Beta 9, this link relation was introduced as `item`, which isn’t correct. The relation has been changed to `https://api.w.org/items`.
  - Introduces `edit` context for `wp/v2/types` and `wp/v2/taxonomies`. Some fields have moved into this context, which require `edit_posts` and `manage_terms`, respectively.
  - Removes `post_format` as a term `_link` for Posts. Post formats aren’t a custom taxonomy in the eyes of the REST API.
- Consistently query for a specified set of items. Adds `include` param to `/wp/v2/posts`, `/wp/v2/users`, `/wp/v2/<taxonomy>` and `/wp/v2/comments`.
- Tons of minor improvements and bug fixes. You should read the full changelog for all of them.
As always, we have a detailed changelog as well as the full set of changes if you’re interested.