WordPress 5.2.3 RC 1

WordPress 5.2.3 Release Candidate 1 (RC1) is now available for testing! So please do – every test helps the build get closer to the final release!

You have two options for testing the WordPress 5.2.3 release candidate: try the WordPress Beta Tester plugin (you’ll want to select the point release nightlies option), or download the release candidate here (zip).

What’s in this release?

5.2.3 features 29 bug and regression fixes, with some to the block editor, accessibility, i18n, media, and administration.

Here’s the list:

  • #46899: Ensure that tables generated by the Settings API have no semantics
  • #47145: Feature Image dialog does not follow the dialog pattern
  • #47390: Improve accessibility of forms elements within some “form-table” forms
  • #47190: Twenty Seventeen: Native audio and video embeds have no focus state.
  • #47340: Twenty Nineteen: Revise Latest Posts block styles to support post content options.
  • #47414: Twenty Seventeen: Button block preview has extra spacing within button
  • #47543: Twenty Seventeen: buttons don’t change color on hover and focus
  • #47688: Color hex code in color picker displayed in RTL instead of LTR on RTL install (take 2)
  • #47693: customizer Color picker should get closed when click on color picker area.
  • #45739: Block Editor: $editor_styles bug.
  • #45935: A URL in do_block_editor_incompatible_meta_box function does not have classic-editor__forget parameter
  • #47604: Undefined variable: locked in wp-admin/edit-form-blocks.php
  • #47489: Emoji are substituted in preformatted blocks
  • #47079: Incorrect version for excerpt_allowed_blocks filter
  • #47538: Minor Verbiage Update – Switch ‘developer time’ for ‘a developer’
  • #46757: Media Trash: The Bulk Media options when in the Trash shouldn’t provide two primary buttons
  • #46758: Media Trash: Primary button(s) should be on the left
  • #47113: Media views: dismiss notice button is invisible
  • #47458: Fix tab sequence order in the Media attachment browser
  • #47502: Media modal bottom toolbar cuts-off content in Internet Explorer 11
  • #47687: Use alt tags for gallery images in editor
  • #38415: New Custom Link menu item has a wrong fallback label
  • #47723: Adding a custom link in nav-menus.php doesn’t trim whitespace
  • #47888: Adding a custom link in menu via Customize doesn’t trim whitespace.
  • #47561: Plugin: View details popup layout issue
  • #47835: PHP requirement always set to null for plugins
  • #47386: Fix headings hierarchy in the legacy Custom Background and Custom Header pages
  • #47603: My account toggle on admin bar not visible at high zoom levels
  • #47758: Font sizes on installation screen are too small

You can browse the full list of changes on Trac.

What’s next?

Committers: The dev-reviewed workflow (double-committer sign off) is now in effect. That means it takes two committers to approve any changes to the 5.2 branch.

Plus, we have a hard string freeze until the official 5.2.3 release, scheduled for Wednesday, September 4, 2019, 10:00 AM PDT.

Happy testing!

#5-2, #5-2-3, #rc1, #releases

WordPress 5.2.2 RC 2

WordPress 5.2.2 Release Candidate 2 (RC2) is now available for testing! So please do – every test helps the build get closer to final release!

You have two options for testing the WordPress 5.2.2 release candidate: try the WordPress Beta Tester plugin (you’ll want to select the point release nightlies option), or you can download the release candidate here (zip).

What’s in this release?

5.2.2 features 13 bug and regression fixes, with some improvements to the block editor, accessibility, i18n, media and administration. Plus, this release adds a little bit of polish to the Site Health feature that made its debut in 5.2.

Here’s the list:

  • #45094: Dashboard elements don’t always have clear focus states, tab order
  • #46289: RTL Bug: wrong navigation arrows in media modal
  • #46749: Extra border is displaying at bottom of Help section in Firefox (Responsive : 778 * 841)
  • #46881: Site Health: improve the header elements horizontal centering
  • #46957: Site Health: Make site health page access be filterable
  • #46960: Site Health: Table design issue in small devices(iphone 5/SE).
  • #46997: Theme update links show in Customizer and don’t work
  • #47070: Recovery Mode Exit button not visible in responsive view
  • #47158: Merge similar strings introduced in WP 5.2
  • #47227: i18n: Merge similar translation strings – site health tabs
  • #47429: Editor: Update packages for WordPress 5.2.2
  • #47457: Fix the mediaelements player controls bar sizing
  • #47475: I18n: Merge similar strings and fix typo

You can browse the full list of changes on Trac.

What’s next?

Committers: The dev-reviewed workflow (double-committer signoff) is now in effect. That means it takes two committers to approve any changes to the 5.2 branch.

Plus, we have a hard string freeze until the official 5.2.2 release, scheduled for Tuesday, June 18 at 17:00 UTC.

Happy testing!

#5-2, #5-2-2, #releases

Dev Chat Summary: June 12, 2019

Announcements

@marybaum graciously offered to help lead Dev Chat next week. While many folks will be at WCEU, there are many others that will not. The meeting shall go on! Thanks Mary!

WordPress 5.2.2 Updates

5.2.2 co-lead @marybaum mentioned that tomorrow the RC2 process will begin and the time was agreed to be 15:00 UTC. The following dates are the updated schedule for releases:

Release Candidate 2: Thursday, June 13, 2019, 15:00 UTC
Final Release: Tuesday, June 18, 2019

WordPress 5.3 Updates

@chanthaboune discussed timing for the release saying, “Folks with suggested major focuses have all gotten their best timing estimates to me and it’s shaping up to look pretty good. The focuses seem land-able by late Sept/early Oct, which leaves about a month before WCUS.”

Scope of 5.3 as it relates to the 9 Projects for the Year

@jeffpaul asked “Is the hope that 5.3 includes the final portions of release-related projects from Matt’s list of 9 projects for the year? Asked differently, what remains from that list that we should be aiming to include alongside 5.3?”

@chanthaboune mentioned that the block directory is currently awaiting design feedback. Next steps are to be determined and will be mentioned in a 5.3 update post.

@earnjam said the content registration features for themes seem a bit nebulous. In particular:

Porting all existing widgets to blocks.

Upgrading the widgets-editing areas in wp-admin/widgets.php and the Customizer to support blocks.

@aduth provided a very handy link on the current status of these features on the roadmap: https://github.com/WordPress/gutenberg/blob/master/docs/roadmap.md

Jeff asked a follow-up question: “Is of the remaining projects that are incomplete which (1) are near completion and just need some assistance or (2) are of the utmost priority to try and complete by the end of the year. Knowing the answers to those could help show folks the best places to swarm and help get projects to completion?” @chanthaboune offered to address this and the other roadmap items in a 5.3 update post after WCEU.

@clorith asked “Will this be the final release of the year, and how does that align with our plans to (possibly, depending on how 5.2 rolls along) update minimum requirements to PHP 7.x?” This will also be addressed in the 5.3 update post Josepha offered to tackle after WCEU. @jorbin shared some great stats on the current state of PHP versions finding that “We are under 20% for below 5.6” which is a massive improvement!

Updates from component maintainers

Call for new maintainers of components:

There are a handful of components that are in need of a maintainer to watch over and nurture them:

@azaozz offered to be a maintainer of Script Loader and everyone cheered! Thank you Ozz! Discussion also took place on the collective noun for multiple Ozz, as it would be greatly appreciated to have more of them to help maintain some of the above components. 🙂

Please comment below this post if you are interested in any of the above components, or feel free to reach out to @chanthaboune if you’d rather volunteer privately.

General Announcements and Open Floor

Jonny Harris is working on a feature plugin that gives REST endpoints for menus. This is in preparation for upcoming navigation blocks, but it also serves as an excellent way of exposing menus to headless applications using WordPress. He would like some feedback on the plugin and would appreciate thoughts on considering this in the scope of 5.3. Please leave feedback on this PR: https://github.com/WP-API/wp-api-menus-widgets-endpoints/pull/22

@presskopp mentioned a comment made here on the 5.3 call for tickets post. @chanthaboune mentioned that there is agreement and it is wrapped into the triage work from the 9 projects mentioned earlier in notes.

@bph asked, “There is a big knowledge gap that there is actually user documentation available for Gutenberg. Where would a discussion be placed best design/core-editor to surface the document within the block editor?” @aduth said that it was mentioned in a recent #core-editor chat and linked some action items from that chat here: https://wordpress.slack.com/archives/C02QB2JS7/p1558532425222200 Andrew proceeded to offer to help in creating a GitHub issue for this. @bph offered to make a post to discuss this further. More to come soon!

These notes were taken by @antpb and proofread by @chanthaboune.

#5-2-2, #5-3, #devchat, #summary

#5-2

WordPress 5.2.2 RC 1

WordPress 5.2.2 Release Candidate 1 (RC 1) is now available for testing! So please do – every test helps the build get closer to final release!

There are two ways to test the WordPress 5.2.2 release candidate: try the WordPress Beta Tester plugin (you’ll want to select the point release nightlies option), or you can download the release candidate here (zip).

What’s in this release?

5.2.2 features ten bug and regression fixes, like some improvements to the block editor, accessibility, i18n, media and administration. And adds a little bit of polish to the Site Health feature that made its debut in 5.2.

Here’s the full list:

  • #45094: Dashboard elements don’t always have clear focus states, tab order
  • #46289: RTL Bug: wrong navigation arrows in media modal
  • #46749: Extra border is displaying at bottom of Help section in Firefox (Responsive : 778 * 841)
  • #46957: Site Health: Make site health page access be filterable
  • #46960: Site Health: Table design issue in small devices(iphone 5/SE).
  • #47158: Merge similar strings introduced in WP 5.2
  • #47227: i18n: Merge similar translation strings – site health tabs
  • #47429: Editor: Update packages for WordPress 5.2.2
  • #47457: Fix the mediaelements player controls bar sizing
  • #47475: I18n: Merge similar strings and fix typo

You can browse the full list of changes on Trac.

What’s next?

Committers: The dev-reviewed workflow (double-committer signoff) is now in effect. That means it takes two committers to approve any changes to the 5.2 branch.

The official 5.2.2 release is scheduled for Tuesday, June 18.

Happy testing!

#5-2, #5-2-2, #releases

5.2.2 Release Agenda

The last weekly dev chat meeting featured a call for leads for 5.2.2.

@marybaum, @justinahinon and @audrasjb are leading the release. @chanthaboune is managing communications among the different teams involved.

The current schedule shows final release for 5.2.2 on Thursday 13 June 2019.

Proposed agenda for this minor release cycle:

#5-2, #5-2-2, #agenda, #bug-scrub

Dev Chat Summary: 22 May

@chanthaboune served as the facilitator for discussion and many contributors were in attendance.

Announcements

Nothing major to announce this week. Tune in next!

5.2.1 Debrief

WordPress 5.2.1 was released yesterday! For information on the release you may refer to the 5.2.1 blog post. Thanks to @desrosj and @earnjam for leading such a smooth release. As of now, there are no notable issues. If you are seeing any issues, please discuss in the comments below or create a new ticket at: https://core.trac.wordpress.org/.

5.2.2

There are a handful of tickets in the 5.2.2 milestone. A team is needed to help wrangle those tickets into a new release. Now is the time to volunteer for leading 5.2.2. This release would aim to be for a 2 week release cycle to clear up remaining tickets in the milestone. There were two volunteers to lead in chat today: @audrasjb and @justinahinon. Please volunteer in the comments below if you are also interested in leading or co-leading!

@aduth said there was mention of a few issues in #core-editor chat earlier today of Gutenberg bugs which would be nice to aim to include for the release: https://wordpress.slack.com/archives/C02QB2JS7/p1558530408162500

Major release (5.3)

Comments were closed today in the call for 5.3 tickets post. @chanthaboune will be pulling the submissions together and doing some outreach to maintainers that have not included items in the post as we prepare for the next major release. These tickets will inform what focuses this release will have.

Calls from component maintainers

@azaozz is continuing to plan for some recommended changes and focuses for the Uploads and Media components.

@desrosj reminded us that the following components: General Component, Comments, Pings/Trackbacks, External Libraries, Filesystem API, Rewrite Rules, and Script Loader are all currently without any maintainers. If those parts of core interest you, feel free to reach out to @chanthaboune to get involved!

@karmatosed mentioned that there is an editor component triage on Friday at 17:00 UTC. @desrosj and @karmatosed will be running it in #core-editor and the triage will focus on Trac tickets.

@johnbillion asked if there were any component maintainers looking for new maintainers of their components and @chanthaboune made the important reminder, “open source is designed to let people move in and out of volunteer positions as needed.” If you are not comfortable saying in dev chat that you would like to make changes, please feel free to reach out privately to @chanthaboune or other co-maintainers.

Open Floor

There was an ask by @afragen to have a committer review https://core.trac.wordpress.org/ticket/46938. He also reminded us committers are not the only ones with valuable feedback. Please direct any thoughts about the issue to the ticket, even if you are not one. 🙂

#5-2, #5-2-1, #5-3, #devchat, #summary

Dev Chat Agenda: May 22

Below is the agenda for the weekly devchat meeting on Wednesday, May 22, 2019, 2000 UTC.

  • Announcements
  • 5.2.1 Debrief
  • 5.2.2 Planning
    • Call for release leads
  • 5.3
  • Calls from component maintainers
  • Open Floor

If you have anything to propose for the agenda or specific items related to those listed above, please leave a comment below.

This meeting is held in the #core channel in the Making WordPress Slack.

#agenda, #devchat

#5-2, #5-2-1, #5-3, #core

WordPress 5.2.1-RC2

WordPress 5.2.1-RC2 is now available for testing!

There are two ways to test the newest WordPress 5.2 release candidate: try the WordPress Beta Tester plugin (you’ll want to select the “point release nightlies” option), or you can download the release candidate here (zip).

What’s in this release?

In addition to everything included in RC1, 5.2.1-RC2 fixes 3 issues discovered by those who tested RC1:

  • #47323 prevents a fatal error that occurs when upgrading to 5.2.1 from WordPress < 5.2.
  • #47304 fixes a regression that can affect the accuracy of <lastBuildDate> in feeds.
  • #47312 changes the string used on the About page for 5.2.1 to one that is already translated.

You can browse the full list of changes in 5.2.1 on Trac.

What’s next?

Committers: The dev-reviewed workflow (double committer sign-off) still applies when making any changes to the 5.2 branch.

The official 5.2.1 release is still scheduled for Tuesday, May 21.

Happy testing!

#5-2, #5-2-1, #releases

WordPress 5.2.1-RC1

WordPress 5.2.1-RC1 is now available for testing! But, your help is needed to test!

There are two ways to test the WordPress 5.2 release candidate: try the WordPress Beta Tester plugin (you’ll want to select the “point release nightlies” option), or you can download the release candidate here (zip).

What’s in this release?

5.2.1 contains 32 high-priority bug and regression fixes, with improvements to the block editor, accessibility, and i18n, and polish for the Site Health feature introduced in 5.2. Here are some changes of note:

  • #47180: An issue typing in the block editor while using a RTL language has been fixed.
  • #47186: A bug causing 32-bit systems to run out of memory when using sodium_compat was fixed.
  • #47189: The “Update your plugins” link in Site Health now links to the correct page in multisite installs.
  • #47185: An issue in wp_delete_file_from_directory() where files were not deleting on Windows systems has been fixed.
  • #47205: A bug was fixed where spaces could not be added in the Classic Editor after pressing shift+enter.
  • #47265: 2 fatal errors on the error protection page when a PHP error was encountered in a drop-in (such as advanced-cache.php) were fixed.
  • #47244: wp_targeted_link_rel() has been improved to prevent instances where single and double quotation marks were incorrectly staggered.
  • #47169: PHP/MySQL minimum version requirement checks now return proper error codes when requirements are not met in test environments.
  • #47177: The backwards compatibility of get_search_form() was improved.
  • #47297: The accuracy of the HTTP requests test in Site Health was improved.
  • #47229: TinyMCE has been updated to version 4.9.4.

You can browse the full list of changes on Trac.

What’s next?

Committers: The dev-reviewed workflow (double committer sign-off) should now be enforced when making any changes to the 5.2 branch.

The official 5.2.1 release is scheduled for Tuesday, May 21.

Happy testing!

#5-2, #5-2-1, #releases

Security in 5.2

Post originally written by Scott Arciszewski.

Protection Against Supply-Chain Attacks

Starting with WordPress 5.2, your website will remain secure even if the wordpress.org servers get hacked.

We are now cryptographically signing WordPress updates with a key that is held offline, and your website will verify these signatures before applying updates.

Signature Verification in WordPress 5.2

When your WordPress site installs an automatic update, from version 5.2 onwards it will first check for the existence of an x-content-signature header. If one isn’t provided by our update server, your WordPress site will instead query for a filenamehere.sig file and parse it.

The signatures were calculated using Ed25519 of the SHA384 hash of the file’s contents. The signature is then base64-encoded for safe transport, no matter how it’s delivered.

The signing keys used to release updates are managed by the WordPress.org core development team. The verification key for the initial release of WordPress 5.2 is fRPyrxb/MvVLbdsYi+OOEv4xc+Eqpsj+kkAS6gNOkI0= (expires April 1, 2021).

(For the sake of specificity: Signing key here means Ed25519 secret key, while verification key means Ed25519 public key.)

To verify an update file, your WordPress site will calculate the SHA384 hash of the update file and then verify the Ed25519 signature of this hash. If you’re running PHP 7.1 or older and have not installed the Sodium extension, the signature verification code is provided by sodium_compat.

Our signature verification is implemented in the new verify_file_signature() function, inside wp-admin/includes/file.php.
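
The verification step described above, as an added example (it is not the code of verify_file_signature() or of WordPress core). It assumes the signature covers the raw binary SHA384 digest; the function name, the throwaway key pair and the package contents are constructed for illustration.

```php
<?php
/**
 * Verify base64 Ed25519 signatures over the SHA384 digest of a file.
 * Hypothetical helper for illustration only.
 *
 * @param string   $path         File to check.
 * @param string[] $signatures   Base64-encoded detached signatures.
 * @param string[] $trusted_keys Base64-encoded Ed25519 public keys.
 * @return bool True if any signature verifies under any trusted key.
 */
function example_verify_update_signature( $path, array $signatures, array $trusted_keys )
{
    // Assumption: the signature covers the raw (binary) SHA384 digest.
    $digest = hash_file( 'sha384', $path, true );
    if ( false === $digest ) {
        return false;
    }
    foreach ( $signatures as $signature ) {
        $sig = base64_decode( $signature, true );
        // Skip malformed input up front; libsodium throws on wrong lengths.
        if ( false === $sig || SODIUM_CRYPTO_SIGN_BYTES !== strlen( $sig ) ) {
            continue;
        }
        foreach ( $trusted_keys as $key ) {
            $pk = base64_decode( $key, true );
            if ( false === $pk || SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES !== strlen( $pk ) ) {
                continue;
            }
            if ( sodium_crypto_sign_verify_detached( $sig, $digest, $pk ) ) {
                return true;
            }
        }
    }
    return false; // No signature verified under any trusted key.
}

// Constructed demo: a throwaway key pair stands in for the offline signing key.
$keypair          = sodium_crypto_sign_keypair();
$signing_key      = sodium_crypto_sign_secretkey( $keypair );
$verification_key = base64_encode( sodium_crypto_sign_publickey( $keypair ) );

$package = tempnam( sys_get_temp_dir(), 'pkg' );
file_put_contents( $package, 'constructed update package contents' );
$signature = base64_encode(
    sodium_crypto_sign_detached( hash_file( 'sha384', $package, true ), $signing_key )
);

// Untouched package with its matching signature.
var_dump( example_verify_update_signature( $package, array( $signature ), array( $verification_key ) ) );

// One appended byte changes the digest, so the same signature is checked again.
file_put_contents( $package, 'X', FILE_APPEND );
var_dump( example_verify_update_signature( $package, array( $signature ), array( $verification_key ) ) );

// A truncated signature is skipped by the length check instead of throwing.
var_dump( example_verify_update_signature( $package, array( substr( $signature, 0, 20 ) ), array( $verification_key ) ) );
unlink( $package );
```

Accepting arrays of signatures and keys lets a package carry more than one signature and lets a site trust more than one verification key at a time.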

Modern Cryptography for WordPress Plugins

The inclusion of sodium_compat on WordPress 5.2 means that plugin developers can start to migrate their custom cryptography code away from mcrypt (which was deprecated in PHP 7.1, and removed in PHP 7.2) and towards libsodium.

Example Functions

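<?php
/**
 * @param string $message
 * @param string $key
 * @return string Base64-encoded nonce followed by the ciphertext
 */
function wp_custom_encrypt( $message, $key )
{
    // Fresh random 24-byte nonce per message, stored in front of the ciphertext
    $nonce = random_bytes(24);
    return base64_encode(
        $nonce . sodium_crypto_aead_xchacha20poly1305_ietf_encrypt(
            $message,
            $nonce, // additional data
            $nonce,
            $key
        )
    );
}

/**
 * @param string $message Output of wp_custom_encrypt()
 * @param string $key
 * @return string|false Plaintext, or false if the message is malformed or fails authentication
 */
function wp_custom_decrypt( $message, $key )
{
    $decoded = base64_decode($message, true);
    // Need the 24-byte nonce plus at least the 16-byte authentication tag
    if ( $decoded === false || strlen($decoded) < 40 ) {
        return false;
    }
    $nonce = substr($decoded, 0, 24);
    $ciphertext = substr($decoded, 24);
    return sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
        $ciphertext,
        $nonce, // additional data, as in wp_custom_encrypt()
        $nonce,
        $key
    );
}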

How to Seamlessly and Securely Upgrade your Plugins to Use the New Cryptography APIs

If your plugin uses encryption provided by the abandoned mcrypt extension, there are two strategies for securely migrating your code to use libsodium.

Strategy 1: All Data Decryptable at Run-Time

If you can encrypt/decrypt arbitrary records, the most straightforward thing to do is to use mcrypt_decrypt() to obtain the plaintext, then re-encrypt your data using libsodium in one sitting.

Then remove the runtime code for handling mcrypt-encrypted messages.

<?php
// Do this in one sitting
$plaintext = mcrypt_decrypt( $mcryptCipher, $oldKey, $ciphertext, $mode, $iv );
$encrypted = wp_custom_encrypt( $plaintext, $newKey );

Strategy 2: Only Some Data Decryptable at Run-Time

If you can’t decrypt all records at once, the best thing to do is to immediately re-encrypt everything using sodium_crypto_secretbox() and then, at a later time, apply the mcrypt-flavored decryption routine (if it’s still encrypted).

<?php
/**
 * Migrate legacy ciphertext to libsodium
 * 
 * @param string $message
 * @param string $newKey
 * @return string
 */
function wp_migrate_encrypt( $message, $newKey )
{
    return wp_custom_encrypt(
        'legacy:' . base64_encode($message),
        $newKey
    );
}

/**
 * @param string $message
 * @param string $newKey
 * @param string $oldKey
 * @return string|false
 */
function wp_migrate_decrypt( $message, $newKey, $oldKey )
{
    $plaintext = wp_custom_decrypt($message, $newKey);
    if ( $plaintext === false ) {
        // Outer layer failed authentication: do not attempt the legacy path
        return false;
    }
    if ( substr($plaintext, 0, 7) === 'legacy:' ) {
        $decoded = base64_decode( substr($plaintext, 7) );
        if ( is_string($decoded) ) {
            // Now apply your mcrypt-based decryption code.
            // $mcryptCipher, $mode and $iv are placeholders for your plugin's legacy settings.
            $plaintext = mcrypt_decrypt( $mcryptCipher, $oldKey, $decoded, $mode, $iv );

            // Call a re-encrypt routine here
        }
    }
    return $plaintext;
}

Avoid Opportunistic Upgrades

A common mistake some developers make is to try to do an “opportunistic” upgrade: Only perform the decrypt-then-re-encrypt routine on an as-needed basis. This is a disaster waiting to happen, and there is a lot of historical precedent for this.

Of particular note, Yahoo made this mistake, and as a result, had lots of MD5 password hashes lying around their database when they were breached, even though their active users had long since upgraded to bcrypt.

Detailed technical information about this new security feature, written by Paragon Initiative Enterprises (the cryptography team that developed it), is available here.

#5-2 #dev-notes