Some of the highlights are a redesigned linking workflow, a more streamlined writing interface, a refreshed blue admin scheme (which we use here at WPvibe.com), new Post Formats support, a new Network Admin, advanced taxonomy and custom fields queries, and most of all, with the 3.1 release, WordPress is more of a CMS than ever before.

Everyone (all 180+ contributors to the WordPress 3.1 release) is really excited about this release.

So what are you waiting for! Go upgrade your site to 3.1! (we already did

UPDATE: One thing that Brian Gardner just pointed out on Twitter, is that you no longer need a code snippet to disable the WordPress admin bar that was added to WordPress 3.1. That’s pretty awesome! Just go to your profile page and uncheck where you want the admin bar to show up.

Update #2: At the time of writing this, there are 21, 711 downloads of WordPress 3.1. Let’s see where it is at the end of the day

The only files affected in the upgrade are as follows:

wp-includes/version.php
xmlrpc.php
readme.html
wp-admin/includes/update-core.php

As always, it’s a good idea to update to the latest version of WordPress.

Here are the updates for 3.0.2:

Summary

• Fix moderate security issue where a malicious Author-level user could gain further access to the site. (r16625)

Other bugs and security hardening:

• Remove pingback/trackback blogroll whitelisting feature as it can easily be abused. (#13887)

• Fix canonical redirection for permalinks containing %category% with nested categories and paging. (#13471)
• Fix occasional irrelevant error messages on plugin activation. (#15062)
• Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin. (r16367, r16373)
• Clarify the license in the readme (r15534)
• Multisite: Fix the delete_user meta capability (r15562)
• Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins (#15122)
• Multisite: Fix ms-files.php content type headers when requesting a URL with a query string (#14450)
• Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs (#14536)

A huge thanks to Scribu for spending his summer time on a GSoC program and working on a major component upgrade for WordPress 3.1-beta. Ajax’ified wp-admin.

There are some major improvements in this recent release. Here is the short list of features you would be able to visibly see – the rest are behind the scenes that continue to make WordPress the best CMS/blogging platform in the world. And boy do I love WordPress

• Post Formats (#14746)
• Theme Search (#14936)
• Internal Linking (#11420)
• Admin Bar (#14772)
• Ajaxified Admin (#14579)
• Updated Tiny MCE (#12574)
• Multi-taxonomy Queries (#12891)
• Custom Post Type Index Pages (#13818)
• Admin CSS Cleanup (#14770)
• User Admin (#14696)
• Network Admin (#14435)
• Password Reset Redux (#5919)

click here

If you’ve been following the news of WordPress 3.0, you will know that it is a huge release for WordPress. It’s the milestone of merging WordPress and WordPress Multi-User (WPMU) into a single platform.

This is by far one of the best things that has happened to WordPress, to centralize the code base into a single code base instead of relying on two separate sets of code.

From what Peter writes, these are the two main areas to be testing:

• Revised menu user interface
• Changes to the WordPress exporter and importer to make it more flexible

There are a number of new features, enhancements, and code updates, so if you’re interested, download the beta and report any bugs that you find.

Happy bug hunting!

One of the biggest fixes was the upgrade process. There were a number of related bugs to the upgrade process and as you can imagine, this is a fairly big deal for most people.

As Ryan notes, there were “millions of downloads for WordPress 2.9″ and this is a big deal.

So get to it and grab WordPress 2.9.1!

These bug hunts are a great opportunity for the community to get involved with development and testing of WordPress core. If you are interested in getting involved, take a visit to the WordPress Trac site.

The idea with release bug hunts is to get more eyes on core code, the more the merrier I say! It definitely helps to have larger numbers reviewing changes in a new release, more specifically to test patches, help fix known issues, and find new ones.

Here are the scheduled dates for the bug hunts:

• Thursday through Saturday, November 5-7, 2009
• Saturday through Monday, November 14-16, 2009

For those of you attending WordCamp New York, there will be a special hacking room set up where you can join two of the core developers, Mark Jaquith and Matt Martz.

So there you have it, 2.9 is almost here and WordPress continues to grow. Join in on the fun and become a part of the culture.

For more information like IRC info and testing environment links, visit the original bug hunt announcement post on WordPress.org.

A vulnurability was found in the WordPress trackback code that could allow attacks to DDoS your site. Should you be scared? No. So why am I not scared about this bug? If someone wanted to DDoS my site, they would. They don’t need WordPress to do it.

In the mean time while WordPress is still being updated, here are a couple quick fixes to secure your site. Add this to your httpd.conf Apache conf file for your site or your .htaccess file:

[sourcecode]<Files ~ "wp-trackback.php">
Order allow,deny
Deny from all
</Files>[/sourcecode]

Alternatively, you can edit your wp-trackback.php file.

Here is the changelog to patch the security hole.

[sourcecode]— a/branches/2.8/wp-trackback.php
+++ b/branches/2.8/wp-trackback.php
@@ -51,5 +51,5 @@

if ($charset)
<em>- $charset = strtoupper( trim($charset) );</em>
<strong>+ $charset = str_replace( array(‘,’, ‘ ‘), ”, strtoupper( trim($charset) ) );</strong>
else
$charset = ‘ASCII, UTF-8, ISO-8859-1, JIS, EUC-JP, SJIS’;[/sourcecode]

There were other small bug fixes, here is a list of changes:

• Fix for trackback DOS
• Removal of permalink_structure eval
• Remove some create_function() calls
• Disallow unfiltered uploads for admins by default. Enable it again with define(’ALLOW_UNFILTERED_UPLOADS’, true); in wp-config.php
• Add extra escaping here and there for defense in depth
• Retire two old importers
• A few small bug fixes