Release Notes: This is a maintenance and security update.
Release Notes: This release has a completely new Media Library manager, easier-than-ever image galleries, and a new mobile-first, responsive theme named TwentyTwelve. There are also improvements to multi-site functionality, a retina-ready admin, and many new-and-improved API changes for developers.
Release Notes: The new Theme Customizer allows theme developers to easily add customization for header images, background images and colors, and other elements with a live preview. Improvements to the XML-RPC API provide access to Custom Post Types and other data. Changes to the WP_Query object improve performance and memory use. Numerous improvements were made in the i18n and l10n systems. Twitter is now a supported oEmbed provider. Touch support in the administrative UI is provided by the jQuery UI Touch Punch library.
Release Notes: A few of this release are global undo and "trash", image editing (crop, rotate, scale, flip), post thumbnail support for themes, batch plugin update and compatibility checking, easy video embedding via the oEmbed standard, the use of rel=canonical for SEO, commentmeta for extending comments, improved API support for custom post types, extensible registration and user profiles, and many other new features, enhancements, and performance improvements.
Release Notes: This release fixes two security problems that could be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading is recommended. The first problem was an XSS vulnerability in Press The second problem was an issue with sanitizing uploaded file names that could be exploited in certain Apache configurations.
Release Notes: A vulnerability was discovered in which a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset, and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying. This release, which fixes all known problems, is now available for download and is highly recommended.
Release Notes: This release fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site. Download 2.8.2 or automatically upgrade from the Tools->Upgrade page of your blog’s admin.
Release Notes: These changes were made since the 2.8 release. A bug was fixed in which the wrong files were deleted when the core update failed. Memory requirements in the Dashboard were improved. A problem was worked around in some third-party themes that tried to call get_categories() before the function was loaded. Extra security was put in place for some third-party plugins that don't do their own explicit permission checks. Various other minor bugfixes, tweaks, and improvements were made.