4.9.5 Feedback: leading a WordPress minor release

WordPress 4.9.5 was released a couple of weeks ago, at the scheduled time and without known issues.

We (@audrasjb and @danieltj) had the pleasure to co-lead this minor releaseMinor Release A set of releases or versions having the same minor version number may be collectively referred to as .x , for example version 5.2.x to refer to versions 5.2, 5.2.1, 5.2.3, and all other versions in the 5.2 (five dot two) branch of that software. Minor Releases often make improvements to existing features and functionality. of the CMS, with @sergey‘s invaluable help as deputy and @jbpaul17’s mentorship. For this releaseRelease A release is the distribution of the final version of an application. A software release may be either public or private and generally constitutes the initial or new generation of a new or upgraded application. A release is preceded by the distribution of alpha and then beta versions of the software., we were two co-leaders, contributing to the coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. for a short time, and none of us had core committercommitter A developer with commit access. WordPress has five lead developers and four permanent core developers with commit access. Additionally, the project usually has a few guest or component committers - a developer receiving commit access, generally for a single release cycle (sometimes renewed) and/or for a specific component. status. Thank you all again for trusting us for this task.

Below you will find some feedback and tips we wanted to share with you and we hope this will encourage others to get involved in such an adventure.

To lead a WordPress release, you don’t have to be a core committer,
you have to deeply care about the WordPress open-source project.

Initially, we wondered how the two of us could claim to run a WordPress release without commit access.

In fact, there are many tasks that are not related to the commit action itself, but require a good knowledge of the ecosystem, the people and teams involved and how the release process works. Here are some examples of tasks to do:

  • Triagetriage The act of evaluating and sorting bug reports, in order to decide priority, severity, and other factors.: sorting tickets and status update. This is a very time consuming task, because you have to dive into each ticketticket Created for both bug reports and feature development on the bug tracker., read all the discussions and check if the patches are ready to land in your minor version or not.
  • Bug scrub meetings: these take place in the #core SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. channel and is about sorting TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. tickets to check if the patches and improvements are on track. You have to ask the Component Maintainers, designers, accessibilityAccessibility Accessibility (commonly shortened to a11y) refers to the design of products, devices, services, or environments for people with disabilities. The concept of accessible design ensures both “direct access” (i.e. unassisted) and “indirect access” meaning compatibility with a person’s assistive technology (for example, computer screen readers). (https://en.wikipedia.org/wiki/Accessibility) specialists or focus leads to help their resolution. We must plan a bugbug A bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority. scrub a week or two prior to the release.
  • Dev chats: the weekly meetings of the Core team to discuss progress of the current release, to talk about future releases and to focus on particular points. I had a hard time on that side for the first dev chat I led with the launch of a lively discussion around GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/’s merge proposal and WordPress versioning. In this kind of situation, you have to stick to a rational approach and try to allow everyone to express themselves.
  • Post writing, Trac tickets answering, codex editing and all stuff related to communication. This is very time consuming, so prepare it carefully.

You must also organize yourself for the release process. The complete process is detailed in this handbook: Releasing minor version.

Key moments of a WordPress release

  • D-30 to D-15 – here you are, leading the next minor version of WordPress:
    • You should go around all tickets tagged for this minor version. Take time to read each ticket carefully. During your bug scrubs, you’ll have to be comfortable with each of them, especially with their progress and last discussions. Feel free to get in touch with the related Component Maintainers.
    • Feel free to check out other tickets tagged for the next major releasemajor release A release, identified by the first two numbers (3.6), which is the focus of a full release cycle and feature development. WordPress uses decimaling count for major release versions, so 2.8, 2.9, 3.0, and 3.1 are sequential and comparable in scope. and are already committed. It is quite possible to bring them back to your minor if they are self-contained fixes (and not enhancements) and do not result in any new file being created in WordPress core. We were able to repatriate 5 or 6 patches WP 4.9.5. Personally, I managed a spreadsheet with all the tickets to watch. This document helped me a lot later.
    • Prepare each bug scrub and dev chat in advance: it’s better to copy and paste at these meetings so you can follow the discussions as well.
    • Ask for access to write posts on Makemake A collection of P2 blogs at make.wordpress.org, which are the home to a number of contributor groups, including core development (make/core, formerly "wpdevel"), the UI working group (make/ui), translators (make/polyglots), the theme reviewers (make/themes), resources for plugin authors (make/plugins), and the accessibility working group (make/accessibility)./Core and to be able to notify contributors in the core Slack channel with @here command.
  • D-15 – BetaBeta A pre-release of software that is given out to a large group of users to trial under real conditions. Beta versions have gone through alpha testing in-house and are generally fairly close in look, feel and function to the final product; however, design changes often occur as part of the process. release:
    • Last bug scrub: all tickets must be committed in the branchbranch A directory in Subversion. WordPress uses branches to store the latest development code for each major release (3.9, 4.0, etc.). Branches are then updated with code for any minor releases of that branch. Sometimes, a major version of WordPress and its minor versions are collectively referred to as a "branch", such as "the 4.0 branch".. Those who are not ready must be “punted” to the next release. Do not take any risks.
    • One day before, contact lead developers to make sure someone will be available to build your RC package. Do not make the same mistake we made: we ended up with a ready beta but no one to build the package. You must warn Mission Control people in advance!
    • Publish your post on Make/Core : reuse previous posts format and indicate changes so people can test your beta.
  • D-7 – Release candidaterelease candidate One of the final stages in the version release cycle, this version signals the potential to be a final release to the public. Also see alpha (beta).:
    • Final Bugscrub: Some last tickets may be committed for RC, but they must have been checked by an experienced core-committer and approved. Besides, two checks are better than one.
    • One day before, contact Mission Control to make sure someone will be available to build your RC package.
    • Publish your post on Make/Core.
    • Bump version number and update changelog for all concerned bundled themes. Here is the standard Trac ticket I made.
  • D-2:
    • Get in touch with the Akismet team to check if a new version is ready to land in the release.
    • Get in touch with the people in charge of bundle themes and ask them to prepare to deliver a new release of the related themes on w.org.
    • Get in touch with Mission Control team and ask them for their availability for the D-day.
  • D-1:
    • Get in touch with the Security team (usually they will come to you) to know if security patches will land in your release (we had three security patches). Obviously, this information is confidential, you can not communicate it.
    • Prepare the changelog of the new version with the complete list of changes for the Codex changelog (if the release contains security patches applied to all the supported branches, it would be necessary to make a new page for each version!) And for the Make/Core post.
  • D-Day:
    • Build the packages (current branch + previous branches if a security patchpatch A special text file that describes changes to code, by identifying the files and lines which are added, removed, and altered. It may also be referred to as a diff. A patch can be applied to a codebase for testing. is delivered) with Mission Control team.
    • Ask MetaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. team to prepare the list of contributors of the release and to update credits APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways..
    • Prepare to publish the Make/Core Post and the /News Post, they must be published right after auto updates start.
    • Prepare some standard announcement such as “@committers please refrain from committing while we package the 4.9.5 release.” or “Heads up to everyone following along: We’re in the process of releasing right now. You’ll see some builds appear in this channel, but we have not released until there is a new post on WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org//news/. Please do not tweet, publish, or otherwise announce a release until there is a public post about it on WordPress.org” for Slack, to repeat regularly during the build process.
    • Prepare local test instances to test each package of each version of WordPress on different PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 5.6.20 environments. Hopefully, other contributors can help you test the packages on their side.

Once launched, that’s the big day. The release is built and auto updates will be done on WordPress installations around the world. Feel free to ask the Mission Control for some statistics – the figures are incredible. Unfortunately, it is not publicly available, but you will certainly be pleased to know in real time the number of people who are enjoying your work.

At the next devchat, you will carefully follow the feedback from the Support Forums team who will give you feedback from users. Fortunately, in our case, nothing went wrong.

Various remarks

  • Remember to warn the people who have Mission Control access a day or two before each release (beta, RC, final release). Without them, you can’t do anything! In our case, we did not manage the beta and the RC very well and only succeeded at the last moment. Thank you for those that helped, who were understanding and caring.
  • An issue when you are relatively new in Core development is to find the right people to contact. Do not hesitate to get in touch with as many people as possible, they will put you touch with the people who can help you. Remember: you can’t build a WordPress release alone.
  • Do not hesitate to get in touch directly with the people who can help you: Component Maintainers, Focus Leads, Theme and / or PluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party Teams, Mission Control, Security. A little introductory message at the very beginning of the release does not hurt, and everyone will be very happy to help you if needed.
  • Attend as many component/focus meetings as possible. Some changes may affect your release and it allows you to know how specific tickets are doing.
  • Plan about three evenings a week to work on the release, during a month. It depends on your timezone but in my case, I had to book at least every Tuesday and Wednesday evening, sometimes until very late at night. Outside, you will also follow what happens in the tickets throughout the week. Tell your boss to get some time for it (thanks to my agency for giving me some time during office hours).
  • Organize well so you do not have any last minute surprises. For example, we were ready to integrate the “Try Gutenberg Callout” or not, and we considered both solutions, whether on the general organization or during changelogs writing and blogblog (versus network, site) posts on Make/Core.
  • If you are running as a co-lead (which is better), alternate the lead equally so that everyone can enjoy the experience of triage, bugscrubs, developers chats and the whole release process.
  • [more personally] If you are not a native English speaker, it’s not the end of the world: focus on putting your ideas first. Nobody will reproach you for not speaking perfect English. WordPress contributors are kind, understanding and professional people.
  • Enjoy all this because time flies!

In conclusion, leading an open sourceOpen Source Open Source denotes software for which the original source code is made freely available and may be redistributed and modified. Open Source **must be** delivered via a licensing model, see GPL. project is above all, rewarding and difficult. It’s no easy feat to manage a team of volunteer contributors and ensuring things run smoothly is a challenge in and of itself, let alone the bugs! Constant communication and asking questions will always put you ahead. No one should feel ashamed to ask an easy question and those kinds of questions are very welcome. Sharing knowledge is more powerful than feeling bad that you don’t know the answer. You should also feel like you can lead too. This doesn’t mean telling people what to do, but being firm and leading and making decisions makes everything move forward much more quickly. To sum up, the human part is just as critical as the technical part of the project.

#4-9-5

WordPress 4.9.5

WordPress 4.9.5 is now available. This maintenance and security releaseRelease A release is the distribution of the final version of an application. A software release may be either public or private and generally constitutes the initial or new generation of a new or upgraded application. A release is preceded by the distribution of alpha and then beta versions of the software. fixes 28 bugs.

Download WordPress 4.9.5 or visit Dashboard → Updates and click “Update Now”. Sites that support automatic background updates are already beginning to update automatically.

Thank you to everyone who contributed to WordPress 4.9.5:

1265578519Aaron JorbinAdam SilversteinAlain SchlesseralexgsoAndrea Ferciaandrei0x309antipoleAnwer ARBirgir Erlendsson (birgire)Blair jersyerBrooke.Chetan Prajapaticodegrauconner_bwDavid A. KennedydesignsimplyDion HulseDominik Schilling (ocean90)ElectricFeetericmeyerFPCSJamesGarrett HyderGary PendergastGennady KovsheninHenry WrightJb AudrasJeffrey PaulJip MoorsJoe McGillJoen AsmussenJohn BlackbournjohnpgreenJunaid AhmedkristastevensKonstantin ObenlandLaken HafnerLance WillettleemonMel ChoyceMike SchrodermrmadhatnandorskyNidhi JainPascal BirchlerqcmiaoRachel BakerRachel PeterRavanHSamuel Wood (Otto)Sebastien SERRESergey BiryukovShital MarakanaStephen EdgarTammie ListerThomas VitaleWill Kwon, and Yahil Madakiya.

4.9.5 changelog

WordPress versions 4.9.4 and earlier are affected by three security issues. As part of the coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. team’s ongoing commitment to security hardening, the following fixes have been implemented in 4.9.5:

  • Switch to wp_safe_redirect() when redirecting the login page when SSLSSL Secure Sockets Layer. Provides a secure means of sending data over the internet. Used for authenticated and private actions. is forced (see related changeset).
  • Escape HTMLHTML HyperText Markup Language. The semantic scripting language primarily used for outputting content in web browsers. returned from get_the_generator() (see related changeset).
  • Disallow localhost in wp_http_validate_url() (see related changeset).

Thank you to the reporters of these issues for practicing responsible security disclosurexknownNitin Venkatesh (nitstorm), and Garth Mortensen..

See the full list of closed tickets in TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress..

Build/Test Tools

  • #43190 – Update prefixed CSSCSS Cascading Style Sheets. properties in about.css

Bundled Theme

  • #43317 – Twenty Seventeen: underline links in comments
  • #43572 – Bundled Themes: Bump version number and update changelog in Twenty Seventeen for 4.9.5 release

Comments

  • #39045 – Remove unnecessary aria-required attribute for elements that have requiredattribute.

Customize

  • #36884 – In menus: correct oversized viewport after dragging menu items
  • #43307 – Correct closing tags in customize_themes_print_templates()
  • #43333 – In menus: reset results when closing the ‘add items’ panel.

Filesystem APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways.

  • #43417 – Avoid an infinite loopLoop The Loop is PHP code used by WordPress to display posts. Using The Loop, WordPress processes each post to be displayed on the current page, and formats it according to how it matches specified criteria within The Loop tags. Any HTML or PHP code in the Loop will be processed on each post. https://codex.wordpress.org/The_Loop. in wp_mkdir_p() when trying to determine the parent folder with open_basedir restriction in effect.

Formatting

  • #43312 – Avoid a PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 5.6.20 7.2 warning in wp_kses_attr() when one of $allowedtags elements is an uncountable value.

General

  • #38332 – Replace Cheatin’ uh? with friendlier error messages
  • #42789 – Readme: Update recommended PHP version to 7.2

Media

  • #41242 – Fix image cropping on touch screen devices
  • #42724 – On Media Settings screen, makemake A collection of P2 blogs at make.wordpress.org, which are the home to a number of contributor groups, including core development (make/core, formerly "wpdevel"), the UI working group (make/ui), translators (make/polyglots), the theme reviewers (make/themes), resources for plugin authors (make/plugins), and the accessibility working group (make/accessibility). the pairs of labels and inputs always stacked vertically, on both mobile and desktop screens
  • #42968 – Grid view – correct placeholder positioning during uploads
  • #43123 – Revert max-width styles on caption shortcodes
  • #43201 – Avoid a PHP warning in wp_calculate_image_srcset() if a pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party returns a non-array value via wp_calculate_image_srcset() filterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output.
  • #43226 – Correctly allow changing PDF thumbnail crop value

Bundled plugins

  • #43555 – Update Hello Dolly lyrics

Networks and Sites

  • #43568 – Use a numbered placeholder in sprintf() for the sitesite (versus network, blog) URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org

Rest APIREST API The REST API is an acronym for the RESTful Application Program Interface (API) that uses HTTP requests to GET, PUT, POST and DELETE data. It is how the front end of an application (think “phone app” or “website”) can communicate with the data store (think “database” or “file system”) https://developer.wordpress.org/rest-api/.

  • #42948 – Backbone client sending empty string in X-WP-Nonce headerHeader The header of your site is typically the first thing people will experience. The masthead or header art located across the top of your page is part of the look and feel of your website. It can influence a visitor’s opinion about your content and you/ your organization’s brand. It may also look different on different screen sizes. by default in some cases
  • #43265 – REST API JavaScriptJavaScript JavaScript or JS is an object-oriented computer programming language commonly used to create interactive effects within web browsers. WordPress makes extensive use of JS for a better user experience. While PHP is executed on the server, JS executes within a user’s browser. https://www.javascript.com/. Client: Support an empty string for nonce to disable sending the X-WP-Nonce header
  • #43266 – Extend custom nonce functionality to collections

Security

  • Disallow localhost in wp_http_validate_url().
  • Switch to wp_safe_redirect() when redirecting the login page when SSL is forced.
  • Escape HTML returned from get_the_generator().
  • #43285 – Loosen the adminadmin (and super admin) referrer policy header value to allow the referring host to be sent from the admin area in all cases

Users

  • #42713 – Display partial names in the user listing tables

XML-RPC

  • #43216 – Add default values to IXR_Message for PHP 7.2 compatibility to avoid PHP Warnings

#4-9-5

Dev Chat Summary: March 28th (4.9.5 week 8)

This post is a summary of the latest dev chat meeting which took place on March 28th (agenda– Slack archive).

4.9.5 planning

4.9.5 Release Candidate has been released Tuesday, 27th March.

The release candidate package is now ready for testing. Please help us by testing this release to ensure 4.9.5 fixes the reported issues and doesn’t introduce any new ones. 4.9.5 contains 25 bugbug A bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority. fixes and enhancements.

Please note: the "Try GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/" callout will probably land in 4.9.6, but not in 4.9.5. There are still a few Gutenberg issues that need to be fixed before it's ready for the amount of attention this will bring.

4.9.5 releaseRelease A release is the distribution of the final version of an application. A software release may be either public or private and generally constitutes the initial or new generation of a new or upgraded application. A release is preceded by the distribution of alpha and then beta versions of the software. following on Tuesday, April 3rd.

@danieltj, @audrasjb & @sergey to get in touch with concerned people (mission control, bundled themes & bundled plugins maintainers…) about 48 hours before the release.

CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. component maintainers

@jbpaul17 (jeffpaul on SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/.) is currently auditing component maintainers to makemake A collection of P2 blogs at make.wordpress.org, which are the home to a number of contributor groups, including core development (make/core, formerly "wpdevel"), the UI working group (make/ui), translators (make/polyglots), the theme reviewers (make/themes), resources for plugin authors (make/plugins), and the accessibility working group (make/accessibility). sure all components have a maintainer and in case anyone wishes to step down.

More accurately, there will be a call out to current component maintainers to nominate additional maintainers as they’re most aware of who’s contributing and able to help maintain a component.

From the build/test-tools component: new version of grunt-patchpatch A special text file that describes changes to code, by identifying the files and lines which are added, removed, and altered. It may also be referred to as a diff. A patch can be applied to a codebase for testing.-wordpress was released and added to trunktrunk A directory in Subversion containing the latest development code in preparation for the next major release cycle. If you are running "trunk", then you are on the latest revision.. Update your NPM modules. (see related post).

Feeds component: @stevenkword to ask for committercommitter A developer with commit access. WordPress has five lead developers and four permanent core developers with commit access. Additionally, the project usually has a few guest or component committers - a developer receiving commit access, generally for a single release cycle (sometimes renewed) and/or for a specific component. having interest in that component to avoid getting stuck at the commit point and release leads to puntpunt Contributors sometimes use the verb "punt" when talking about a ticket. This means it is being pushed out to a future release. This typically occurs for lower priority tickets near the end of the release cycle that don't "make the cut." In this is colloquial usage of the word, it means to delay or equivocate. (It also describes a play in American football where a team essentially passes up on an opportunity, hoping to put themselves in a better position later to try again.) tickets to next release. @sergeybiryukov to help to look at any tickets in that component to get them to commitable state or figure out the next step. Any help welcome.

Note: if you are interested in becoming a component maintainer, please get in touch with current component mainteners first.

List of current component maintainers: https://make.wordpress.org/core/components/

Basically, component mainteners should:

  • keep in mind that being a component maintainer means to be really well versed and know a lot (not necessarily everything) about that component.
  • to care about it, but doesn’t have to be a developer: designers can maintain components. Ideally, there should be at least one designer for each component that touch UIUI User interface.

The new contributor meeting will also move it’s time in tandem with the dev chat. The next one is scheduled for next week, Tuesday at 19:00 UTC.

#4-9-5

WordPress 4.9.5 Release Candidate

WordPress 4.9.5 maintenance releaseRelease A release is the distribution of the final version of an application. A software release may be either public or private and generally constitutes the initial or new generation of a new or upgraded application. A release is preceded by the distribution of alpha and then beta versions of the software. is scheduled for April 3rd.

The release candidate package is now ready for testing. Please help us by testing this release to ensure 4.9.5 fixes the reported issues and doesn’t introduce any new ones. This betaBeta A pre-release of software that is given out to a large group of users to trial under real conditions. Beta versions have gone through alpha testing in-house and are generally fairly close in look, feel and function to the final product; however, design changes often occur as part of the process. release contains 25 fixes and improvements.

Please note: the Try GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ callout will ultimately not land in 4.9.5 release. There are still a few issues that need to get fixed before it's ready for the level of attention this will bring. It will probably land in a dedicated 4.9.6 release in a few weeks (also see related tracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. ticketticket Created for both bug reports and feature development on the bug tracker.: #41316)

4.9.5 improvements & fixes

See the full list of closed tickets in Trac.

Build/Test Tools

  • #43190 – Update prefixed CSSCSS Cascading Style Sheets. properties in about.css

Bundled Theme

  • #43317 – Twenty Seventeen: underline links in comments
  • #43572 – Bundled Themes: Bump version number and update changelog in Twenty Seventeen for 4.9.5 release

Comments

  • #39045 – Remove unnecessary aria-required attribute for elements that have required attribute.

Customize

  • #36884 – In menus: correct oversized viewport after dragging menu items
  • #43307 – Correct closing tags in customize_themes_print_templates()
  • #43333 – In menus: reset results when closing the 'add items' panel.

Filesystem APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways.

  • #43417 – Avoid an infinite loopLoop The Loop is PHP code used by WordPress to display posts. Using The Loop, WordPress processes each post to be displayed on the current page, and formats it according to how it matches specified criteria within The Loop tags. Any HTML or PHP code in the Loop will be processed on each post. https://codex.wordpress.org/The_Loop. in wp_mkdir_p() when trying to determine the parent folder with open_basedir restriction in effect.

Formatting

  • #43312 – Avoid a PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 5.6.20 7.2 warning in wp_kses_attr() when one of $allowedtags elements is an uncountable value.

General

  • #38332 – Replace Cheatin’ uh? with friendlier error messages
  • #42789 – Readme: Update recommended PHP version to 7.2

Media

  • #41242 – Fix image cropping on touch screen devices
  • #42724 – On Media Settings screen, makemake A collection of P2 blogs at make.wordpress.org, which are the home to a number of contributor groups, including core development (make/core, formerly "wpdevel"), the UI working group (make/ui), translators (make/polyglots), the theme reviewers (make/themes), resources for plugin authors (make/plugins), and the accessibility working group (make/accessibility). the pairs of labels and inputs always stacked vertically, on both mobile and desktop screens
  • #42968 – Grid view – correct placeholder positioning during uploads
  • #43123 – Revert max-width styles on caption shortcodes
  • #43201 – Avoid a PHP warning in wp_calculate_image_srcset() if a pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party returns a non-array value via wp_calculate_image_srcset() filterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output.
  • #43226 – Correctly allow changing PDF thumbnail crop value

Bundled plugins

  • #43555 – Update Hello Dolly lyrics

Networks and Sites

  • #43568 – Use a numbered placeholder in sprintf() for the sitesite (versus network, blog) URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org

Rest APIREST API The REST API is an acronym for the RESTful Application Program Interface (API) that uses HTTP requests to GET, PUT, POST and DELETE data. It is how the front end of an application (think “phone app” or “website”) can communicate with the data store (think “database” or “file system”) https://developer.wordpress.org/rest-api/.

  • #42948 – Backbone client sending empty string in X-WP-Nonce headerHeader The header of your site is typically the first thing people will experience. The masthead or header art located across the top of your page is part of the look and feel of your website. It can influence a visitor’s opinion about your content and you/ your organization’s brand. It may also look different on different screen sizes. by default in some cases
  • #43265 – REST API JavaScriptJavaScript JavaScript or JS is an object-oriented computer programming language commonly used to create interactive effects within web browsers. WordPress makes extensive use of JS for a better user experience. While PHP is executed on the server, JS executes within a user’s browser. https://www.javascript.com/. Client: Support an empty string for nonce to disable sending the X-WP-Nonce header
  • #43266 – Extend custom nonce functionality to collections

Security

  • #43285 – Loosen the adminadmin (and super admin) referrer policy header value to allow the referring host to be sent from the admin area in all cases

Users

  • #42713 – Display partial names in the user listing tables

XML-RPC

  • #43216 – Add default values to IXR_Message for PHP 7.2 compatibility to avoid PHP Warnings

#4-9-5, #core

Dev Chat Agenda: 28th March (4.9.5 week 8)

This is the agenda for the weekly dev meeting on Wednesday, 28 March 2018, 20:00 GMT / March 28, 2018 at 20:00 UTC:

  • The #core-editor team are skipping this weeks developer chat.
  • 4.9.5 RC planning & testing.
  • All component maintainers are being audited to makemake A collection of P2 blogs at make.wordpress.org, which are the home to a number of contributor groups, including core development (make/core, formerly "wpdevel"), the UI working group (make/ui), translators (make/polyglots), the theme reviewers (make/themes), resources for plugin authors (make/plugins), and the accessibility working group (make/accessibility). sure all components have a maintainer and in case anyone wishes to step down. More details can be found in the handbook and the maintainer list.
    • If you are interested in becoming a component maintainer, please get in touch with @jeffpaul on Slack.
  • Updates from focus leads and component maintainers (also see above).
  • General announcements.

If there is anything you'd like to add to the agenda, please leave a comment and we can add it to the discussion points for later on in the meeting. Thank you!

#4-9-5#agenda#core#dev-chat

#4-9-5

Dev Chat Summary: March 21st (4.9.5 week 7)

This post is a summary of  the latest dev chat meeting which took place on March 21st (agenda– Slack archive).

Meeting time change

Due to Spring time change, the weekly coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. dev chat meeting will change from next week to be 20:00 UTC and held as usual in #core on SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/..

4.9.5 planning

WordPress 4.9.5 beta as been released Tuesday, March 20th.

There is 23 already fixed tickets and 2 blessed tasks. The milestone is clear. Some bugbug A bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority. fixes can still ship with 4.9.5 (before RC), but enhancements have to land in 4.9.6.

Release candidaterelease candidate One of the final stages in the version release cycle, this version signals the potential to be a final release to the public. Also see alpha (beta). is still scheduled for Tuesday, March 27th, around 23:00 UTC.

4.9.5 releaseRelease A release is the distribution of the final version of an application. A software release may be either public or private and generally constitutes the initial or new generation of a new or upgraded application. A release is preceded by the distribution of alpha and then beta versions of the software. following on Tuesday, April 3rd.

Updates from focus leads and component maintainers

The GDPR Compliance team continues to meet at 16:00 UTC on Wednesdays and have reached "critical mass" in #gdpr-compliance. The team have general ideas of what needs doing and how to do it. Next step would be to get more eyes on the GDPR related tickets.

Note the max-width caption revert coming in 4.9.5 (see Dev note).

Thursday, March 22 Support meeting was dedicated to plan the increase in support traffic from a forthcoming "Try GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/" promo (see TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. ticketticket Created for both bug reports and feature development on the bug tracker. #41316).

#4-9-5

WordPress 4.9.5 Beta

As mentioned in the last dev chat, WordPress 4.9.5 maintenance releaseRelease A release is the distribution of the final version of an application. A software release may be either public or private and generally constitutes the initial or new generation of a new or upgraded application. A release is preceded by the distribution of alpha and then beta versions of the software. is scheduled for April 3rd. 

The beta package for 4.9.5 is now ready for testing. Please help us by testing this beta to ensure 4.9.5 fixes the reported issues and doesn’t introduce any new ones.

This betaBeta A pre-release of software that is given out to a large group of users to trial under real conditions. Beta versions have gone through alpha testing in-house and are generally fairly close in look, feel and function to the final product; however, design changes often occur as part of the process. release contains 23 fixes and improvements. Release candidaterelease candidate One of the final stages in the version release cycle, this version signals the potential to be a final release to the public. Also see alpha (beta). sheduled for March 20th.

4.9.5 improvements & fixes

See the full list of closed tickets in TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress..

Build/Test Tools

  • #43190 – Update prefixed CSSCSS Cascading Style Sheets. properties in about.css

Bundled Theme

  • #43317 – Twenty Seventeen: Underline links in comments

Comments

  • #39045W3CW3C The World Wide Web Consortium (W3C) is an international community where Member organizations, a full-time staff, and the public work together to develop Web standards.https://www.w3.org/. Validator warning: Attribute aria-required is unnecessary for elements that have attribute required.

Customize

  • #36884 – CustomizerCustomizer Tool built into WordPress core that hooks into most modern themes. You can use it to preview and modify many of your site’s appearance settings. child menus incorrectly resize the sitesite (versus network, blog) to an incorrect minimum-width
  • #43307 – Error wp-adminadmin (and super admin) > Includes > theme.php
  • #43333 – Unable to add menu item

Filesystem APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways.

  • #43417 – Infinite loopLoop The Loop is PHP code used by WordPress to display posts. Using The Loop, WordPress processes each post to be displayed on the current page, and formats it according to how it matches specified criteria within The Loop tags. Any HTML or PHP code in the Loop will be processed on each post. https://codex.wordpress.org/The_Loop. in wp_mkdir_p with open_basedir restrictions

Formatting

  • #43312PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 5.6.20 7.2 warning in wp_kses_attr()

General

  • #38332 – "Cheating" message insults; needs changing
  • #42789 – Bump recommended PHP version from 7.0 -> 7.2

Media

  • #42724 – Options Media page hides breaks on desktop
  • #42968 – Media: Grid View: new upload, file is in the wrong position in the grid until after upload is complete
  • #43123 – Default captions should NOT use max-width
  • #43201 – PHP Warning: count(): Parameter must be an array or an object that implements Countable in /wp-includes/media.php on line 1206
  • #43226 – Crop setting in thumbnails never set when uploading PDF files

Bundled plugins

  • #43555 – Keep Hello Dolly from displaying sexist text in the admin

Networks and Sites

  • #43568 – E_WARNING: sprintf(): Too few arguments. [ wp-activate.php wp-activate.php (113) ]

Rest APIREST API The REST API is an acronym for the RESTful Application Program Interface (API) that uses HTTP requests to GET, PUT, POST and DELETE data. It is how the front end of an application (think “phone app” or “website”) can communicate with the data store (think “database” or “file system”) https://developer.wordpress.org/rest-api/.

  • #42948 – Backbone client sending empty string in X-WP-Nonce headerHeader The header of your site is typically the first thing people will experience. The masthead or header art located across the top of your page is part of the look and feel of your website. It can influence a visitor’s opinion about your content and you/ your organization’s brand. It may also look different on different screen sizes. by default in some cases
  • #43265 – REST API JSJS JavaScript, a web scripting language typically executed in the browser. Often used for advanced user interfaces and behaviors. Client: Extend custom nonce functionality to collections
  • #43266 – REST API JavaScriptJavaScript JavaScript or JS is an object-oriented computer programming language commonly used to create interactive effects within web browsers. WordPress makes extensive use of JS for a better user experience. While PHP is executed on the server, JS executes within a user’s browser. https://www.javascript.com/. Client: Support an empty string for nonce

Security

  • #43285 – The default admin referrer policy header value blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. the access to media on other server in admin panel

Users

  • #42713 – Users list does not display name if Last Name empty

XML-RPC

  • #43216 – IXR Server Warning

#4-9-5, #beta

Dev Chat Agenda: March 21st (4.9.5 week 7)

This is the agenda for the weekly dev meeting on March 21, 2018 at 21:00 UTC / March 21, 2018 at 21:00 UTC:

  • 4.9.5 planning
  • Updates from focus leads and component maintainers
  • General announcements

If you have anything to propose to add to the agenda or specific items related to the above, please leave a comment below. See you there!

#4-9-5, #agenda, #core, #dev-chat

Max-width captions reverted in 4.9.5

In WordPress 4.9.0 the caption shortcodeShortcode A shortcode is a placeholder used within a WordPress post, page, or widget to insert a form or function generated by a plugin in a specific location on your site. output was changed to use an inline max-width style instead of width. This change broke several existing themes and has been reverted in trunktrunk A directory in Subversion containing the latest development code in preparation for the next major release cycle. If you are running "trunk", then you are on the latest revision. and will be in 4.9.5, when released.

For background, the change was added via #33981 and was reverted in #43123.

Any themes that would like to maintain the behavior from 4.9.0 can do so by filtering the output of image captions like this:

function filter_caption_max_width( $output, $tag ) {
    if ( 'caption' === $tag || 'wp_caption' === $tag ) {
        $output = str_replace( 'width:', 'max-width:', $output );
    }

    return $output;
}

add_filter( 'do_shortcode_tag', 'filter_caption_max_width', 10, 2 );

#4-9-5

Dev Chat Summary: March 14th (4.9.5 week 6)

This post is a summary of  the latest dev chat meeting which took place on March 14th (agendaSlack archive).

4.9.5 Planning

Planned releaseRelease A release is the distribution of the final version of an application. A software release may be either public or private and generally constitutes the initial or new generation of a new or upgraded application. A release is preceded by the distribution of alpha and then beta versions of the software. schedule:

  • BetaBeta A pre-release of software that is given out to a large group of users to trial under real conditions. Beta versions have gone through alpha testing in-house and are generally fairly close in look, feel and function to the final product; however, design changes often occur as part of the process.: 03/20
  • RC: 03/27
  • Expected release date: 04/03

Beta scheduled for next Tuesday, March 20th. Beta release process planned to begin after the weekly bugbug A bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority. scrub.

An extra bug scrub is planned on Saturday 17th at 15:00 UTC for 4.9.5 triagetriage The act of evaluating and sorting bug reports, in order to decide priority, severity, and other factors..

Also:

  • Some 5.0 good-first-bug labelled tickets have been moved back to 4.9.5.
  • All tickets slated in 4.9.5 that are not 100% OK before beta release process will land in future release. @pento added 4.9.6 milestone to handle this.

Release planning: GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/, GDPR, serve happy and other projects

There are a couple items that would be good to ship ahead of Gutenberg's release. How can WordPress best supports getting GDPR updates out ahead of its May deadline? Similarly for other non-Gutenberg projects (e.g., serve happy, debug screen, on-boarding improvements), how can WordPress best supports getting them out ahead of Gutenberg?

Now for Gutenberg, and as discussed last week there are various "Gutentasks" that could use some "Gutenhelp":

  • Various REST APIREST API The REST API is an acronym for the RESTful Application Program Interface (API) that uses HTTP requests to GET, PUT, POST and DELETE data. It is how the front end of an application (think “phone app” or “website”) can communicate with the data store (think “database” or “file system”) https://developer.wordpress.org/rest-api/. tasks that can be done now in parallel
  • CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. changes
  • New endpoints and infrastructure plans
  • How would inclusion of Gutenberg/JSJS JavaScript, a web scripting language typically executed in the browser. Often used for advanced user interfaces and behaviors. packages work

Recap:

  • @pento: about GDPR, there may be some smaller things ready for 4.9.5, but it will probably needs a 4.9.6/7 release towards the end of April or early May to add all the bits and pieces.
  • @audrasjb: question about new files or big changes like GDPR in a minor releaseMinor Release A set of releases or versions having the same minor version number may be collectively referred to as .x , for example version 5.2.x to refer to versions 5.2, 5.2.1, 5.2.3, and all other versions in the 5.2 (five dot two) branch of that software. Minor Releases often make improvements to existing features and functionality..
  • @pento: new files can't be added in point releases, as a general rule, but there is no problem adding features (like GDPR) in 4.9.x releases, and there won't be a 4.10 release.
  • @pento: Serve happy needs some polish, but should be ready for 4.9.5. Unfortunately, it was merged to trunktrunk A directory in Subversion containing the latest development code in preparation for the next major release cycle. If you are running "trunk", then you are on the latest revision. early: There was design feedback on it which wasn't implemented.
  • Discussion about design in WordPress: @pento, @afercia, other contributors & core-committers to talk about design decisions in TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. workflow and in WordPress development in general. This topic will be discussed separately of this dev chat but it seems really fundamental.
  • @Krizzy: question about some good-first-bug tickets status while Gutenberg is being developed. @melchoyce answered if it’s something small and contained, it’s good to push that forward into a point releaseMinor Release A set of releases or versions having the same minor version number may be collectively referred to as .x , for example version 5.2.x to refer to versions 5.2, 5.2.1, 5.2.3, and all other versions in the 5.2 (five dot two) branch of that software. Minor Releases often make improvements to existing features and functionality.. And as a reminder, everybody is always welcome to contribute to the discussion, even if the ticketticket Created for both bug reports and feature development on the bug tracker. is already marked as "claimed".
  • @aduth: inclusion of Gutenberg/JS packages was a topic of the JS meeting this week. Conversation already started in core-js slack channel.
  • @pento: There have been some small core changes for Gutenberg that have landed in trunk already, mostly REST API tweaks. That process can continue. The larger REST API changes probably won't come until around when the merge proposal comes.
  • @kadamwhite announced REST API meeting is still 17:00 UTC post-daylight-savings, so that's an hour later than last week.

Gutenberg

  • @matveb: 2.4 of Gutenberg was released today.
  • @sergeybiryukov: question about the right time for #41316 – Introduce "try Gutenberg" callout –, or still too early.
  • @pento: 4.9.5 release being in 3 weeks is good time for the callout to be added, so it should be kept in the milestone.

Various questions

  • @benoitchantre asked if #36455 should be milestoned for 4.9.5 to prevent OPcache issues to users invited to upgrade their PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 5.6.20 version.
  • @mikeschroder: that particular ticket needs a new patchpatch A special text file that describes changes to code, by identifying the files and lines which are added, removed, and altered. It may also be referred to as a diff. A patch can be applied to a codebase for testing..

Next meeting

The next meeting will take place on March 21st, 2018 at 21:00 UTC in the #core SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. channel. Please feel free to drop in with any updates or questions. If you have items to discuss but cannot makemake A collection of P2 blogs at make.wordpress.org, which are the home to a number of contributor groups, including core development (make/core, formerly "wpdevel"), the UI working group (make/ui), translators (make/polyglots), the theme reviewers (make/themes), resources for plugin authors (make/plugins), and the accessibility working group (make/accessibility). the meeting, please leave a comment on this post so that we can take them into account.

#4-9-5