Yesterday there was a ton of discussion via Twitter and on several blogs regarding a comment reset “exploit” which surfaced for the WordPress 2.8.x branch.  To avoid recapping the exploit, if you want to learn more about this exploit, check out this great post from our friend Leland of Theme Lab.  Along with this exploit came the speculation that WordPress 2.8.4 was soon to follow with a fix.

Well, it turns out these people were correct, as this morning I found a friendly message in my dashboard telling me that WordPress 2.8.4 was ready for me to upgrade!  This was especially good news for me, as for some reason people believe that because I run a WordPress fan blog, that they should try it out on this website. 

After the success we’ve had with new branch releases of the past few WordPress branches (2.6 and 2.7 both come to mind), it is a little surprising to see that we already have yet another security patch, this time being WordPress 2.8.3.  Because this is a security update, it is highly recommended that everyone take a moment to upgrade their WordPress installation.

Here is what the WordPress team had to say about the WordPress 2.8.3 security update:

Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1.  Luckily, the entire WordPress community has our backs.  Several folks in the community dug deeper and discovered areas that were overlooked.  With their help, the remaining issues are fixed in 2.8.3.  Since this is a security release, upgrading is highly recommended.  Download 2.8.3, or upgrade automatically from your admin.

The ribbon reminder in your dashboard just showed up, so you can now do your automatic upgrade, or manually download WordPress 2.8.3 from here.

Although it isn’t very long after WordPress 2.8.1 was released, WordPress 2.8.2 was just released today and is a security update which corrects a XSS vulnerability which was discovered.   Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site.

Due to this being a security update, it is strongly recommended that you upgrade your WordPress 2.8 installations as soon as possible.  This can quickly and easily be done via your WordPress administrator panel (for WordPress 2.7 and newer installations) via Tools –> Upgrade, or you can manually download it here. 

If you’d like to read the official announcement, you can see it here.

In case you haven’t noticed it yet in your WordPress dashboard, it looks like WordPress 2.8 has officially been released!  Don’t forget if you are currently using WordPress 2.7 or 2.7.1, you can use the one-click upgrade feature built into WordPress to upgrade! 

The changes from WordPress 2.7 aren’t as noticable as they were from 2.6 to 2.7, but it is always worth upgrading to the latest installation in my opinion.   As far as what is new, here is what the WordPress team had to say about the improvements in WordPress 2.8:

Major New Improvements

First and foremost, 2.8 is way faster to use. We’ve changed the way WordPress does style and scripting.

The core and plugin updaters in previous versions of WordPress have been such a success we decided to bring the same to themes. You can now browse the entire theme directory and install a theme with one click from the comfort of your WordPress dashboard.

If you make edits or tweaks to themes or plugins from your dashboard, you’ll appreciate the new CodePress editor which gives syntax highlighting to the previously-plain editor. Also there is now contextual documentation for the functions in the file you’re editing linked right below the editor.

If you were ever frustrated with widgets before, this release should be your savior. We’ve completely redesigned the widgets interface (which we didn’t have time to in 2.7) to allow you to do things like edit widgets on the fly, have multiple copies of the same widget, drag and drop widgets between sidebars, and save inactive widgets so you don’t lose all their settings. Developers now have access to a much cleaner and robust API for creating widgets as well.

Finally you should explore the new Screen Options on every page. It’s the tab in the top right. Now, for example, if you have a wide monitor you could set up your dashboard to have four columns of widgets instead of the two it has by default. On other pages you can change how many items show per page.

You can view the entire list of changes here.

I know this post is a little late and most of you have probably already noticed this in your WordPress dashboard already, but WordPress 2.7.1 is now available to download.  This update includes at least 68 bug fixes, so it is definitely worth making the upgrade.

As this is the first update in the WordPress 2.7.1 branch, I just wanted to make sure everyone knows that you can now easily upgrade from within your dashboard by going to Tools –> Upgrade.  Those of you waiting to upgrade to the WordPress 2.7.x branch until the first update was available will still need to upgrade manually.