4.7.4 Release Candidate

After about six weeks of development, a Release Candidate for WordPress 4.7.4 is now available. This maintenance release fixes 46 issues reported against 4.7 and is scheduled for final release on Thursday, April 20, 2017.

Thus far WordPress 4.7 has been downloaded nearly 60 million times since its release on December 6, 2016. Please help us by testing this release candidate to ensure 4.7.4 fixes the reported issues and doesn’t introduce any new ones.

Notable Bug Fixes

There are a few more notable issues being addressed in this release. The first one is about broken video/audio thumbnails when uploading media (#40075). Additionally, an incompatibility between the upcoming Chrome version and the visual editor (#40305) has been solved by updating TinyMCE. Furthermore, the REST API saw some enhancements in relation to date handling (#39854, #40136).

All Changes

Here’s a list of all closed tickets, sorted by component:

Administration

  • #39983 – Consider to don’t use the CSS class button-link for controls that don’t look like links
  • #40056 – Shift-click to select a range of checkboxes isn’t working anymore since 4.7.3 update

Bootstrap/Load

  • #39445 – Add class_exists() check before defining the PasswordHash class

Build/Test Tools

  • #38500 – Automatically cancel pending Travis builds with each commit
  • #39219 – Add assertNotFalse method to WP_UnitTestCase.
  • #39367 – Don’t no-op $user_id in test suite’s wp_set_auth_cookie()
  • #39988 – The theme used during tests should call wp_head() and wp_footer()
  • #40066 – Remove the twentysixteen git clone from the Travis config
  • #40086 – Get Travis tests working again on PHP 7

Bundled Theme

  • #40216 – Twenty Seventeen: Some parts do not escape html attributes
  • #40224 – Twenty Seventeen: navigation.js should be enqueued with jQuery as dependency
  • #40264 – Twenty Seventeen: Incorrect heading hierarchy for front page sections
  • #40461 – Twenty Seventeen: Bump version and update changelog

Customize

  • #31850 – Customizer links should use canonical admin URL
  • #37471 – Widgets: If your theme only has one widget area, we should open it automatically
  • #38953 – Customize Menus: clicking outside of the available menu items panel does not close the panel
  • #39430 – sections and panels that are open and become inactive should be closed
  • #39770 – Client-side notification error is unexpectedly cleared when no corresponding server-side validation
  • #40010 – Template for site icon control fails to check if full image size exists before using
  • #40018 – Selective refresh always falls back to full refreshes when customizing the 404 template
  • #40112 – Can’t preview starter content “Home” menu item in subdirectory installation
  • #40198 – all previewable links are blocked in the customize preview on IE11
  • #40271 – Use get_user_locale() in Customizer
  • #40277 – Adding page created with the dropdown-pages settings to menu creates Custom Link instead of Page
  • #40308 – Video header control fails to use is_header_video_active() for active_callback
  • #40405 – IE9 errors when attempting to generate changeset parameter

Login and Registration

  • #39497 – Can’t log out completely without closing my browser

Media

  • #31071 – media / post_mime_type related queries are very slow on larger sites
  • #40017 – wp_get_image_mime() returns ‘application/octet-stream’ for non-image files.
  • #40075 – Broken video/audio thumbnails because of corrupted blob meta data
  • #40085 – Audio/video uploads are broken in 4.2.13 and 4.3.9
  • #40152 – Crop Image button off-screen on mobile

Networks and Sites

  • #40036 – Re-save Network Settings ruin starter content
  • #40063 – Handle site cache invalidation more specifically for option updates

Posts, Post Types

  • #39986 – Register missing REST API properties on WP_Post_Type

Quick/Bulk Edit

  • #40242 – Bulk edit tag autocomplete layout error

REST API

  • #39854 – Add gmt_offset to base /wp-json response
  • #39881WP_REST_Posts_Controller::check_read_permission() should check if $parent exists before calling itself
  • #40027 – Tags and Categories should have a “slugs” parameter for batch fetching
  • #40136 – Issues with dates and DST
  • #40213 – Users endpoint slug parameter should allow an array of slugs

Taxonomy

  • #39987 – Register missing REST API properties on WP_Taxonomy
  • #40154 – Incorrectly formatted $taxonomies parameter passed to wp_get_object_terms filter
  • #40306 – Term cache isn’t cleared completely when setting and removing object terms

Themes

  • #38292 – Introduce exclusion for WP_Theme::scandir()

TinyMCE

  • #40305 – Image popup toolbar does not support Chrome Beta

Download the Release Candidate now and help us test!

#4-7, #4-7-4, #maintenance, #release

Dev Chat Summary: March 29th (4.7.4 week 4)

This post summarizes the dev chat meeting from March 29th (agendaSlack archive).

4.7.4 Planning

  • There were only 35 open tickets in the milestone at the time of the meeting.
  • 2 bug scrubs over the last 2 weeks helped close a lot of those open tickets.
  • The release is still on schedule for the first week of May, but a few more bug scrubs are necessary.
  • If you have owned a ticket, please help test it!
  • Next bug scrub will take place on April 3, 2017 at 17:00 UTC. @stevenkword offered to help.

Editor Team

  • Nothing in particular to discuss this week.
  • Work continues on the editor feature plugin.
  • Day to day discussion and work happens in the #core-editor Slack channel, and the Gutenberg GitHub project.
  • Help testing, feedback, and contributions are welcome in both places.

REST API Team

  • No updates this week.
  • Work continues in the #core-restapi Slack channel.
  • There are some component tickets in the 4.7.4 milestone that will hopefully be closer to merge this week.

Core team reps

Open Floor Items

  • @dlh brought up #36188
  • @stevenkword brought up #20899
  • Both requested additional eyes, and people to test the fixes. Both offered to trade tickets and test.

#4-7, #4-7-4, #community-summit, #core-editor, #core-restapi, #dev-chat, #summary

Dev Chat Agenda for March 29th (4.7.4 week 4)

Please note the changed start time of this dev chat to account for DST. This is the first meeting at this new time.

This is the agenda for the weekly dev meeting on March 29, 2017 at 20:00 UTC:

  • 4.7.4 planning (bug scrubs, release date)
  • Editor team (feature plugin work is continuing on GitHub)
  • REST API team
  • Community Summit Core team reps

If you have anything to propose to add to the agenda or specific items related to the above, please leave a comment below. See you there!

#4-7, #4-7-4, #agenda, #dev-chat

Disclosure of Additional Security Fix in WordPress 4.7.2

WordPress 4.7.2 was released last Thursday, January 26th. If you have not already updated, please do so immediately.

In addition to the three security vulnerabilities mentioned in the original release post, WordPress 4.7 and 4.7.1 had one additional vulnerability for which disclosure was delayed. There was an Unauthenticated Privilege Escalation Vulnerability in a REST API Endpoint. Previous versions of WordPress, even with the REST API Plugin, were never vulnerable to this.

We believe transparency is in the public’s best interest. It is our stance that security issues should always be disclosed. In this case, we intentionally delayed disclosing this issue by one week to ensure the safety of millions of additional WordPress sites.

On January 20th, Sucuri alerted us to a vulnerability discovered by one of their security researchers, Marc-Alexandre Montpas. The security team began assessing the issue and working on solutions. While a first iteration of a fix was created early on, the team felt that more testing was needed.

Meanwhile, Sucuri added rules to their Web Application Firewall (WAF) to block exploit attempts against their clients. This issue was found internally and no outside attempts were discovered by Sucuri.

Over the weekend, we reached out to several other companies with WAFs including SiteLock, Cloudflare, and Incapsula and worked with them to create a set of rules that could protect more users. By Monday, they had put rules in place and were regularly checking for exploit attempts in the wild.

On Monday, while we continued to test and refine the fix, our focus shifted to WordPress hosts. We contacted them privately with information on the vulnerability and ways to protect users. Hosts worked closely with the security team to implement protections and regularly checked for exploit attempts against their users.

By Wednesday afternoon, most of the hosts we worked with had protections in place. Data from all four WAFs and WordPress hosts showed no indication that the vulnerability had been exploited in the wild. As a result, we made the decision to delay disclosure of this particular issue to give time for automatic updates to run and ensure as many users as possible were protected before the issue was made public.

On Thursday, January 26, we released WordPress 4.7.2 to the world. The release went out over our autoupdate system and, over a couple of hours, millions of WordPress 4.7.x users were protected without knowing about the issue or taking any action at all.

We’d like to thank Sucuri for their responsible disclosure, as well as working with us to delay disclosure until we were confident that as many WordPress sites were updated to 4.7.2 as possible. We’d also like to thank the WAFs and hosts who worked closely with us to add additional protections and monitored their systems for attempts to use this exploit in the wild. As of today, to our knowledge, there have been no attempts to exploit this vulnerability in the wild.

#4-7, #release, #security

4.7.1 Release Candidate

A Release Candidate for WordPress 4.7.1 is now available. This security and maintenance release fixes 62 issues reported against 4.7 and is scheduled for final release on Wednesday, January 11, 2017. Note this does not address a number of other issues, which are slated for a 4.7.2 release.

Thus far WordPress 4.7 has been downloaded over 9 million times since its release on December 6, 2016. Please help us by testing this release candidate to ensure 4.7.1 fixes the reported issues and doesn’t introduce any new ones. As always, the entire WordPress project is grateful to security reporters for practicing responsible disclosure.

PHPMailer Update

Last month a security vulnerability (CVE 20016-10033) in the PHPMailer library was made public. WordPress uses this library as the basis for its email functionality. The Security Team has spent some time analysing this vulnerability, and how it applies to WordPress. This vulnerability does not appear to be directly exploitable in WordPress Core, or any major plugins in the plugin directory. The wp_mail() function, which WordPress Core and most plugins use for sending email, blocks this vulnerability from being exploited.

All Changes

Here’s a list of all closed tickets, sorted by component:

Bootstrap/Load

  • #39132 – WP 4.7, object-cache.php breaks the site if APC is not enabled in php

Build/Test Tools

  • #39327 – Database connection errors in unit tests on 4.7

Bundled Theme

  • #39138 – wordpress 4.7 default theme does not get installed when upgrading
  • #39272 – Twenty Seventeen: Incorrect $content_width
  • #39302 – Twenty Seventeen: Featured image not displayed on single template
  • #39335 – Twenty Seventeen: customize-controls.js incorrectly assumes theme_options section is always present
  • #39109 – Twenty Seventeen: starter content array needs a filter
  • #39489 – Twenty Seventeen: Bump version and update changelog

Charset

  • #37982 – 4.6.1 Breaks apostrophes in titles and utf-8 characters

Comments

  • #39280 – comment permalink wrong in WordPress 4.7
  • #39380 – wp_update_comment can cause database error with new filter

Customize

  • #39009 – Customizer: the preview UI language should be the user language
  • #39098 – Customize: Clicking on child elements of preview links fails to abort navigation to non-previewable links
  • #39100 – Customize: Edit shortcuts do not work if page hasn’t been saved and published
  • #39101 – Customize: edit shortcuts for custom menu widgets do not work
  • #39102 – Customize: Shift-click on placeholder nav menu items fails to focus on the nav menu item control
  • #39103 – Customize: menus aren’t deleted
  • #39104 – Customize: starter content home menu item needs to be a link, not a page
  • #39125 – Customize: Video Header YouTube field has issues when whitespace is inserted at beginning or end of URL
  • #39134 – Customize: custom CSS textarea is scrolled to top when pressing tab
  • #39145 – custom-background URL escaped
  • #39175 – Customizer assumes url is passed with replaceState and pushState
  • #39194 – Invalid parameters in Custom CSS and Changeset queries
  • #39198 – Customize: Apostrophes in custom CSS cause false positives for validation errors
  • #39227 – Changeset parameter not generated
  • #39259 – ‘custom_css_post_id’ theme mod of `-1` doesn’t prevent queries
  • #39270 – Use a higher priority on wp_head for inline custom CSS
  • #39349 – Customizer (mobile preview) site title extra padding
  • #39444 – Text Decoration Underline removes on hover in Customizer

Editor

  • #39276 – Link Editor bug – target=”_blank” not removed
  • #39313 – Add New button not disappearing in Distraction-free Writing mode
  • #39368 – .page-template-default body class in editor doesn’t appear in initial post/page load.

External Libraries

  • #37210 – Update PHPMailer to 5.2.21

Feeds

  • #39066 – `fetch_feed()` changes REST API response `Content-Type`
  • #39141 – RSS feeds have incorrect lastBuildDate when using alternate languages

General

  • #39148 – Correct concatenated dynamic hooks
  • #39433 – Update copyright year in license.txt

HTTP API

  • #37839 – wp_remote_get sometimes mutilates the response body
  • #37991 – fsockopen logic bug
  • #37992 – fsockopen hard codes port 443 when http scheme used
  • #38070 – RegEx to remove double slashes affects query strings as well.
  • #38226 – “cURL error 23: Failed writing body” when updating plugins or themes
  • #38232 – Setting `sslverify` to false still validates the hostname

Media

  • #39195 – Undefined index: extension in class-wp-image-editor-imagick.php on line 152
  • #39231 – Allow the pdf fallback_intermediate_image_sizes filter to process add_image_size() sizes.
  • #39250 – Undefinded Variable in Media-Modal

Posts, Post Types

  • #39211 – is_page_template could return true on terms

REST API

  • #38700 – REST API: Cannot send an empty or no-op comment update
  • #38977 – REST API: `password` is incorrectly included in arguments to get a media item
  • #39010 – REST API: Treat null and other falsy values like `false` in ‘rest_allow_anonymous_comments’
  • #39042 – REST API: Allow sanitization_callback to be set to null to bypass `rest_parse_request_arg()`
  • #39070 – WP-API JS client can’t use getCategories for models returned by collections
  • #39092 – REST API: Add support for filename search in media endpoint
  • #39150 – Empty JSON Payload Causes rest_invalid_json
  • #39293 – WordPress REST API warnings
  • #39300 – REST API Terms Controller Dynamic Filter Bug
  • #39314 – WP-API Backbone Client: buildModelGetter fails to reject deferred on fetch error

Taxonomy

  • #39215 – Support for string $args in wp_get_object_terms() broken in 4.7
  • #39328 – Adding terms without AJAX strips “taxonomy” query arg

Themes

  • #39246 – Theme deletion has a JS error that prevents multiple themes from being deleted.

Upgrade/Install

  • #39047 – Installer tries to create nonce before options table exists
  • #39057 – FTP credentials form doesn’t display the SSH2 fields on the Updates screen

 

#4-7, #4-7-1, #maintenance, #release, #security

Week in Core, November 30 – December 6, 2016

Welcome back the latest issue of Week in Core, covering changes [39380-39529]. Here are the highlights:

  • 150 commits
  • 63 contributors
  • 140 tickets created
  • 17 tickets reopened
  • 104 tickets closed
  • WordPress 4.7 released 🎉

Ticket numbers based on trac timeline for the period above. The following is a summary of commits, organized by component.

Code Changes

Administration

  • Accessibility: Remove inappropriate content from the Themes screen heading. [39528] #26601
  • Accessibility: Remove inappropriate content from the Add Themes screen heading. [39527] #26601
  • Accessibility: Remove inappropriate content from the Media Library screens headings. [39526] #26601

Build/Test Tools

  • Correctly set up the current screen during list table tests so that they don’t fail when run individually. [39481] #38761
  • Specify exact node version in package.json. [39480], [39478] #35105, #38657
  • Remove PHP 7.1 from allowed failures [39424-39425] #37625

Bundled Theme

  • Default Themes: Update version numbers and readme files for 4.7 release [39496] #38858
  • Twenty Seventeen: Fix CSS specificity problem with CSS feature query for object-fit [39495] #39073
  • Twenty Seventeen: Improve display of video header and header image in modern browsers [39485], [39483] #39035
  • Twenty Seventeen: Add specific font stack for Thai language [39484], [39482] #38937
  • Twenty Seventeen: Improve ARIA for the nav menu. [39451-39452] #39029, #39026
  • Twenty Seventeen: Ensure header text color updates in Customizer preview when cleared [39447-39448] #38993
  • Twenty Seventeen: Fix broken menu toggle in Customizer after menu items are added [39419], [39423] #38992
  • Twenty Seventeen: Fix style issues with gallery image links [39418], [39422] #38969
  • Twenty Seventeen: Hide front section panels on page load of Customizer. [39417], [39421] #38951
  • Twenty Seventeen: Add .has-header-video styles for custom color schemes. [39416] #38995
  • Twenty Seventeen: Better handling of custom headers when no image is set. [39413-39414] #38995
  • Twenty Seventeen: Make spacing on pages without comments consistent [39404-39405] #38972
  • Twenty Seventeen: Make sure header text color is applied when color schemes are active. [39397-39398] #38980
  • Twenty Seventeen: Make fixed navigation apply at correct height on front page, without header video or image [39394], [39392] #38927
  • Twenty Seventeen: Provide a background color fallback for non-webkit browsers on input styles [39388] #38939
  • Twenty Seventeen: Allow child themes to easily extend custom color patterns [39386] #38949
  • Twenty Seventeen: Make screen reader text on scroll arrow more meaningful [39384] #38970
  • Twenty Seventeen: Keep header videos from extending past footer. [39380-39381] #38950

Comments

  • Merge a similar string between comments.php, XML-RPC and the REST API comments controller. [39508] #39013

Customize

  • Prevent infinite full refresh from occurring when selective refresh falls back for a nav menu that has items excluded from rendering via filtering. [39510-39511] #38612
  • Defer populating post_name for auto-draft posts in customized state until posts are published. [39506-39507] #39078
  • Ensure changeset_uuid query param is removed from the customize.php window’s location once a changeset has been published (committed) with starter content. [39504-39505] #39081
  • Prevent posts/pages imported via starter content from being dropped when adding post/page stubs via nav menus and the dropdown-pages control. [39502-39503] #38114, #34923, #39071
  • Ensure textarea for Custom CSS displays as code (in LTR) when an RTL language is active. [39499-39500] #35395, #39085
  • Ensure a custom_css post insertion gets an initial post revision. [39479], [39477] #30854, #38672, #35395, #39032
  • Custom CSS: Change the help link to something better for users. [39467], [39466] #39015
  • Fix posts limit query arg for WP_Query from incorrect number to posts_per_page. [39434-39435] #39022
  • Reuse existing non-auto-draft posts and existing auto-draft posts in the customized state with matching slugs when applying starter content. [39411] #38114, #38928
  • Reject a changeset update when a non-future date is provided and also ensure that a published changeset always gets set to the current date/time. [39409-39410] #30937, #38943
  • Fix handling of the nav menu item labels (titles) that match defaults (original titles) and fix the display of item type labels. [39395], [39393] #38015, #38955

Feeds

General

Help/About

Media

  • Accessibility: Improve keyboard accessibility avoiding confusing tab stops in the Media views. [39529] #30599
  • Docs: Add inline documentation for image-edit.js. [39493] #38748
  • Fix regression with display of small images in media library. [39399], [39396] #38965
  • Docs: Document the usage of the global $wpdb in _filter_query_attachment_filenames(). [39390] #38973

Misc

  • Tag 4.7 [39525] #
  • WordPress 4.7 “Vaughan”. [39524] #
  • Post-RC3 bump. [39519] #
  • WordPress 4.7 RC3. [39516] #
  • Post-RC2 bump. [39474] #
  • WordPress 4.7 RC2. [39473] #
  • Twenty Seventeen: Add .has-header-video styles for custom color schemes. [39415]

Options, Meta APIs

  • REST API: Register the admin_email setting in single site only. [39470-39472] #38990
  • REST API: Site URL setting should not be present on multisite installations. [39468] #39005
  • REST API: Correct the admin_email setting description for single site installs. [39406] #38990
  • Multisite: Display different descriptions for multisite or single site installations. [39407] #38990
  • Options: Pass the $passed_default parameter to the 'default_option_{$option} filter in add_option(). [39382] #38176, #38930

Plugins

REST API

  • Comments: Merge similar strings between comments.php and the REST API comments controller. [39490-39491] #39014
  • Merge similar date strings in the revisions and comments controllers. [39488-39489] #39016
  • Treat any falsy value as false in ‘rest_allow_anonymous_comments’. [39487] #39010
  • Docs: Add missing REST API-related args to register_post_type() and register_taxonomy(). [39462-39463] #39023
  • Merge similar strings in a comments endpoint parameter description. [39457] #39036
  • Fix bug where comment author and author email could be an empty string when creating a comment. [39446], [39444] #38971
  • Fix handling of some orderby parameters for the Posts controller. [39440-39441] #38971
  • Disable DELETE requests for users in multisite. [39438-39439] #38962
  • Return a WP_Error if meta property is not an array. [39436-39437] #38989
  • Add test for creating a comment with an invalid post ID. [39408] #38991
  • Fix incorrect uses of rest_sanitize_value_from_schema(). [39400-39401] #38984

Role/Capability

  • Don’t assign the delete_site capability to anyone on single site installs. [39494] #38326
  • Multisite: Replace is_super_admin() with manage_network for admin bar permissions. [39492] #39064, #37616

Taxonomy

  • Docs: Update an @since as there will not be a 4.6.2 before 4.7. [39475-39476] #37291
  • REST API: Capability check for editing a single term should use the singular form. [39464] #35614, #39012
  • REST API: Use the correct error message when editing a single term. [39460-39461] #39017
  • REST API: Fix incorrect capability check on term create. [39402-39403] #35614, #38958
  • Performance: Revert [38677] from the 4.7 branch. This avoids fatal errors caused with recursive calling of term functions within the get_terms filter. [39454] #21760

Themes

  • Reuse existing non-auto-draft posts and existing auto-draft posts in the customized state with matching slugs when applying starter content. [39412] #38114, #38928

TinyMCE

  • Fix the styling of notices generated by the editor UI. [39501] #38917

Users

  • Clarify the return value of get_current_user_id() for non-logged-in users. [39486] #39051
  • REST API: Require the reassign parameter when deleting users. [39426-39427] #39000

Thanks to @andizer, @mor10, @adamsilverstein, @afercia, @azaozz, @boonebgorges, @celloexpressions, @ChopinBach, @clorith, @coffee2code, @davidakennedy, @dd32, @desrosj, @dlh, @flixos90, @georgestephanis, @helen, @helen, @hnle, @iaaxpage, @imnok, @jbpaul17, @jeremyfelt, @jnylen0, @joedolson, @joehoyle, @joemcgill, @johnbillion, @jorbin, @kadamwhite, @karmatosed, @ketuchetan, @laurelfulford, @littlebigthing, @lucasstark, @melchoyce, @michaelarestad, @mikeschroder, @mt8.biz, @nacin, @netweb, @ocean90, @ovenal, @pento, @peterwilsoncc, @presskopp, @rachelbaker, @rahulsprajapati, @ramiabraham, @ramiy, @rensw90, @rianrietveld, @rmccue, @samuelsidler, @sayedwp, @SergeyBiryukov, @sstoqnov, @The PHP tea, @timmydcrawford, @utkarshpatel, and @westonruter for their contributions!

#4-7, #week-in-core

4.7 Retrospective

A retrospective meeting on the WordPress 4.7  release will be held during the week of December 19th. In order to properly prepare for that retrospective and make the time as productive as possible, I would like to encourage everyone to comment below with things they would like to bring up. To help, here are three good questions to ask yourself:

  • What should WordPress start doing as a part of the development process?
  • What should WordPress stop doing as a part of the development process?
  • What should WordPress continue doing as a part of the development process?

Please remember when commenting to keep the discussion professional and focused on ways the process of creating WordPress is either already working great or can be improved.

#4-7, #retrospective

Dev Chat Summary: December 7th (4.7 launch week)

This post summarizes the dev chat meeting from December 7th (Slack archive).

Reminders

4.7 Issues Reported

  • Caches not always clearing, not something we can fix, but seems to be the most common problem
  • Couple of reports around fatals related to WP_Hook, one traced to APC the cause of the other is still unknown
    • #39132: WP 4.7, object-cache.php breaks the site if APC is not enabled in php
  • We’re unable to pinpoint why lots of folks who meet the requirements still don’t have PDF thumbnails
    • Are there more specific requirements beyond “you need Imagik, ImageMagick and Ghostscript” perhaps specific versions?
    • Many problems so far there have been outright lack of Ghostscript installed, so having the gs info when reporting bugs would be great
    • Discussion continued on capturing ghostscript, Imagick and ImageMagick versions details via a plugin (e.g., a hidden wp-admin/debug.php, https://wordpress.org/plugins/health-check/)
  • Several reports of rest_cannot_edit and similar things from the users endpoints
  • Reports of people getting denied access to the admin area, issue appears to all be caching plugins not being cleared properly
  • #39104: Customize: starter content home menu item needs to be a link, not a page
    • This is concerning for back-compatability and needs to have a coordinated Twenty Seventeen update. The usability implications are somewhat concerning for new sites being created with 4.7.0.
  • #39146: plugin.php gives error on do_all_hook() function
  • #39150: Empty JSON Payload Causes rest_invalid_json
  • Thanks to @macmanx and @clorith and all of the people volunteering in the forums! Would be great for everyone to help answer questions in the forums, its a great way to understand the problems that users are having.
    • https://wordpress.org/support/view/no-replies/ is a great place to start
    • Support handbook as reference for those helping out

4.7.1 Planning

  • Discussion on targeting 4.7.1 before the holidays in December 2016 or aiming for January 2017
    • Timing depends heavily on the severity and type of issue(s), and not the amount of issues
    • Target is to get close to a 4.7.1 RC by the end of the year
    • Two bug scrubs happening this week (see the Bug Scrubs reference in Reminders section above) that will give us an idea of what’s realistically close to being ready for a December release.
  • No immediate Release Lead for 4.7.1
  • Handbook reference for releasing minor versions

4.7 Retrospective

  • We failed at getting the field guide and email to plugin dev out early though. We have aimed to have that out around beta 2 and usually end up getting it out around RC the last few releases.
  • We will post a general request for feedback on Make/Core to capture Retrospective input
  • We will review the feedback and then present it for discussion during the dev chat on December 21st and agree on action items on how we can improve in the future

#4-7, #core, #dev-chat, #summary

WordPress 4.7 Field Guide

WordPress 4.7 is shaping up to be the best WordPress yet!  Users will receive new and refined features that make it easier to “Make your site, YOUR site”, and developers will be able to take advantage of 173 enhancements and feature requests added.  Let’s look at the many improvements coming in 4.7…

RESTing, RESTing: 1, 2, 3

The foundation for RESTful APIs has been in core since 4.4, and 4.7 sees the addition of Content Endpoints after a healthy discussion. We’ve defined four success metrics as part of the merge discussion and you can help by building themes and plugins on top of the API, using the API in custom development projects, and utilizing the API for a feature project, core features, or patches. So, dive in, start playing around, and let us know what you build!

https://make.wordpress.org/core/2016/10/08/rest-api-merge-proposal-part-2-content-api/

 

It don’t mean a thing, if you ain’t got a theme

No matter if you are building themes for public consumption, as a bespoke project for a major public company, or anything in between WordPress 4.7 has something to help you.

https://make.wordpress.org/core/2016/11/29/theming-with-twenty-seventeen/

https://make.wordpress.org/core/2016/11/26/video-headers-in-4-7/

https://make.wordpress.org/core/?p=20650

https://make.wordpress.org/core/2016/11/10/visible-edit-shortcuts-in-the-customizer-preview/

https://make.wordpress.org/core/2016/11/07/whitespace-changes-in-navigation-for-4-7/

https://make.wordpress.org/core/2016/11/03/post-type-templates-in-4-7/

https://make.wordpress.org/core/2016/11/03/new-post-type-labels-in-4-7/

https://make.wordpress.org/core/2016/09/09/new-functions-hooks-and-behaviour-for-theme-developers-in-wordpress-4-7/

The Voyages of USS Media

Two notable changes, enhanced PDF support in the media library and changes to the default fallbacks for image alt attributes, are explained in separate posts.

https://make.wordpress.org/core/2016/11/15/enhanced-pdf-support-4-7/

https://make.wordpress.org/core/2016/11/11/improving-accessibility-of-image-alternative-text-in-4-7/

Media also received other exciting enhancements and bug fixes you should check out.

Around the World

The way users understand the words on WordPress are important and now users will be able to select their personal preferred language.

https://make.wordpress.org/core/2016/11/07/user-admin-languages-and-locale-switching-in-4-7/

 

For Whom Customization Tolls

The customize component will now support the ability to create pages within live preview during site setup; will have a faster, smoother, and more accessible navigation; will automatically persist your changes in the background while you browse your site and switch themes; and will let you fine-tune your site with custom CSS.

https://make.wordpress.org/core/?p=20534

https://make.wordpress.org/core/2016/10/12/customize-changesets-technical-design-decisions/

https://make.wordpress.org/core/2016/09/28/changes-to-customizer-sliding-panelssections-in-wordpress-4-7/

https://make.wordpress.org/core/2016/11/26/extending-the-custom-css-editor/

 

Reading, Writing and Teriffic

Whether you’re creating content in the WordPress Admin or concerned about comment moderation, we’ve got updates that will be sure to please you.

https://make.wordpress.org/core/2016/10/28/editor-changes-in-4-7/

https://make.wordpress.org/core/2016/10/11/comment-allowed-checks-in-wordpress-4-7/

 

The Foundation of WordPress

For those who like to get “under the hood” of WordPress, we’ve got some improvements that will hopefully make your life easier.

https://make.wordpress.org/core/2016/11/07/changed-loading-order-for-current-user-in-4-7/

https://make.wordpress.org/core/2016/11/04/multisite-focused-changes-in-4-7/

https://make.wordpress.org/core/2016/11/03/attributes-for-resource-hints-in-4-7/

https://make.wordpress.org/core/2016/11/02/wp_list_sort-and-wp_list_util-in-4-7/

https://make.wordpress.org/core/2016/10/29/wp_taxonomy-in-4-7/

https://make.wordpress.org/core/2016/10/28/fine-grained-capabilities-for-taxonomy-terms-in-4-7/

https://make.wordpress.org/core/2016/09/08/wp_hook-next-generation-actions-and-filters/

https://make.wordpress.org/core/2016/10/26/registering-your-settings-in-wordpress-4-7/

 

But Wait, There is More!

Over 447 bugs, 165 enhancements, 8 feature requests, and 15 blessed tasks have been marked as fixed in WordPress 4.7. Some additional ones to highlight include:

  • Make media library searchable by file name (#22744)
  • Improved Custom Background Properties UI (#22058)
  • Hue-only Color Picker (#38263)
  • Fix Sections that .cannot-expand (#37980)
  • Allow Plugins to do Comprehensive Late Validation of Settings (#37638)

Please, test your code. Fixing issues now, before 4.7 is released, helps you and helps millions of WordPress sites.

#4-7, #dev-notes, #field-guide

There is a quiet RC2 now available it…

There is a quiet RC2 now available – it is a fair number of commits (50+), so please take a look through those and test as you can.

#4-7