If you’ve visited your WordPress site’s dashboard in the past 24 hours you probably noticed that WordPress 2.9 is now available to download.    I know many people like to wait to upgrade to give theme and plugin authors a chance to create updates, but the new changes in WordPress 2.9 seem to be playing nice with everything based upon all the reports I’ve read.  I’ve also upgraded most of my websites that use WordPress without any theme or plugin conflicts.

If you are interested in learning about what is new in WordPress 2.9, there is a great write up posted on Quick Online Tips which you can view here.  The post features the following new features:

1. Thrash It
2. Image Editor
3. Batch Plugin Update
4. Easier Video Embeds
5. Database Optimization Support

What is your favorite new feature in WordPress 2.9?

Yesterday there was a ton of discussion via Twitter and on several blogs regarding a comment reset “exploit” which surfaced for the WordPress 2.8.x branch.  To avoid recapping the exploit, if you want to learn more about this exploit, check out this great post from our friend Leland of Theme Lab.  Along with this exploit came the speculation that WordPress 2.8.4 was soon to follow with a fix.

Well, it turns out these people were correct, as this morning I found a friendly message in my dashboard telling me that WordPress 2.8.4 was ready for me to upgrade!  This was especially good news for me, as for some reason people believe that because I run a WordPress fan blog, that they should try it out on this website. 

After the success we’ve had with new branch releases of the past few WordPress branches (2.6 and 2.7 both come to mind), it is a little surprising to see that we already have yet another security patch, this time being WordPress 2.8.3.  Because this is a security update, it is highly recommended that everyone take a moment to upgrade their WordPress installation.

Here is what the WordPress team had to say about the WordPress 2.8.3 security update:

Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1.  Luckily, the entire WordPress community has our backs.  Several folks in the community dug deeper and discovered areas that were overlooked.  With their help, the remaining issues are fixed in 2.8.3.  Since this is a security release, upgrading is highly recommended.  Download 2.8.3, or upgrade automatically from your admin.

The ribbon reminder in your dashboard just showed up, so you can now do your automatic upgrade, or manually download WordPress 2.8.3 from here.

Although it isn’t very long after WordPress 2.8.1 was released, WordPress 2.8.2 was just released today and is a security update which corrects a XSS vulnerability which was discovered.   Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site.

Due to this being a security update, it is strongly recommended that you upgrade your WordPress 2.8 installations as soon as possible.  This can quickly and easily be done via your WordPress administrator panel (for WordPress 2.7 and newer installations) via Tools –> Upgrade, or you can manually download it here. 

If you’d like to read the official announcement, you can see it here.

With the recent release of WordPress 2.8 this past week, there has been a number of complications and/or frustrations from the WordPress community, leading to a lot of discussion about how long you should wait to upgrade WordPress when a new branch is released.  Historically the WordPress team has always done a great job of testing their releases, which I think lead to a strong confidence from the WordPress community when it was time to upgrade.   Combine that with the one-click upgrade option that is now built into WordPress and the annoying tag reminding you to upgrade, and you’ve got a huge number of people who upgraded to WordPress 2.8 immediately upon its release.

Unfortunately, with each new WordPress branch comes changes which sometimes break WordPress plugins, create problems with the WordPress theme you are using, and usually includes changes to the code.   If you upgrade before the themes or plugins you rely on have been updated, this can cause problems.   The iThemes team recently touched on this subject with their post, When Should I Upgrade WordPress?  Their post also includes five helpful things that need done BEFORE you do your one-click upgrade:

1. Make a backup of all your site data
2. Upgrade of all your plugins
3. Visit plugin and theme author websites
4. Disable all plugins
5. Ask yourself if you need to upgrade now

I also recommend waiting a week or so to view feedback before upgrading.

I know several of you haven’t upgraded WordPress to 2.8 yet.   How long do you plan on waiting until you upgrade your WordPress installation?  Please include which version of WordPress you are currently using with your comment!