January 23, 2017

WordPress 4.7.1 Security Release

WordPress 4.7.1 is now available, and is a security release for all previous versions of WordPress.

We strongly encourage you to update your sites immediately.

WordPress versions 4.7 and earlier are affected by eight security issues:

  1. Remote code execution (RCE) in PHPMailer – No specific issue appears to affect WordPress or any of the major plugins we investigated but, out of an abundance of caution, we updated PHPMailer in this release. This issue was fixed in PHPMailer thanks to Dawid Golunski and Paul Buonopane.
  2. The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API. Reported by Krogsgard and Chris Jean.
  3. Cross-site scripting (XSS) via the plugin name or version header on update-core.php. Reported by Dominik Schilling of the WordPress Security Team.
  4. Cross-site request forgery (CSRF) bypass via uploading a Flash file. Reported by Abdullah Hussam.
  5. Cross-site scripting (XSS) via theme name fallback. Reported by Mehmet Ince.
  6. Post via email checks mail.example.com if default settings aren’t changed. Reported by John Blackbourn of the WordPress Security Team.
  7. A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing. Reported by Ronnie Skansing.
  8. Weak cryptographic security for multisite activation key. Reported by Jack.

Thank you to the reporters for practicing responsible disclosure.

In addition to the security issues above, WordPress 4.7.1 fixes 62 bugs from 4.7. For more information, see the release notes or consult the list of changes.

Upgrade WordPress TODAY

If you need assistance with upgrading, please schedule your WordPress upgrade today via our WordPress Upgrade Service.

Anyone who is already subscribed to one of our upgrade packages has already been upgraded to WordPress 4.7.1.  If you’d like to ensure that your site is always up to date, please check out our WordPress Maintenance Packages.

WordPress 4.7 “Vaughan” Released

WordPress 4.7 has been released.


WordPress 4.7 Upgrade

As always, we highly recommend that you keep your WordPress installation, WordPress themes and WordPress plugins up to date to ensure that you’re running the most secure and feature rich version of WordPress.

If you need assistance with upgrading, please schedule your WordPress upgrade today via our WordPress Upgrade Service.

All current Watershed Studio WordPress Upgrade Service and Maintenance Package subscribers have been scheduled for your WordPress 4.7 upgrade.

If you’d like to ensure that your site is always up to date, please check out our WordPress Maintenance Packages.

WordPress 4.4 “Clifford” Released

WordPress 4.4, named “Clifford” in honor of jazz trumpeter Clifford Brown, is available for download or update in your WordPress dashboard. New features in 4.4 make your site more connected and responsive. Clifford also introduces a new default theme, Twenty Sixteen.


Twenty Sixteen

Twenty Sixteen is a modern take on a classic blog design, and was built to look great on any device. A fluid grid design, flexible header, fun color schemes, and more will all make your content shine.

Responsive Images

WordPress now takes a smarter approach to displaying appropriate image sizes on any device, ensuring a perfect fit every time. You don’t need to do anything to your theme, it just works.

Embed Everything

Now you can embed your posts on other WordPress sites. Simply drop a post URL into the editor and see an instant embed preview, complete with the title, excerpt, and featured image if you’ve set one. It will even include your site icon and links for comments and sharing.

In addition to post embeds, WordPress 4.4 also adds support for five new oEmbed providers: Cloudup, Reddit Comments, ReverbNation, Speaker Deck, and VideoPress.

WordPress 4.4 Upgrade

As always, we highly recommend that you keep your WordPress installation, WordPress themes and WordPress plugins up to date to ensure that you’re running the most secure and feature rich version of WordPress.

If you need assistance with upgrading, please schedule your WordPress upgrade today via our WordPress Upgrade Service.

All current Watershed Studio WordPress Upgrade Service and Maintenance Package subscribers have been scheduled for your WordPress 4.4 upgrade.

If you’d like to ensure that your site is always up to date, please check out our WordPress Maintenance Packages.

WordPress 4.3.1 Security Release

WordPress 4.3.1 is now available, and is a security release for all previous versions of WordPress.

We strongly encourage you to update your sites immediately.

 

This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation.

  • WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point.
  • A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team.
  • Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check Point.

Version 4.3.1 also fixes twenty-six bugs with 4.3.

As always, we highly recommend that you keep your WordPress installation, WordPress themes and WordPress plugins up to date to ensure that you’re running the most secure and feature rich version of WordPress.

If you need assistance with upgrading, please schedule your WordPress upgrade today via our WordPress Upgrade Service.

Anyone who is already subscribed to one of our upgrade packages has already been upgraded to WordPress 4.3.1.  If you’d like to ensure that your site is always up to date, please check out our WordPress Maintenance Packages.

Genesis Version 2.2.0 Now Available

Genesis Version 2.2 was released August 28th, and includes the following changes:

  • Allow child themes to enable accessibility features for web users with disabilities.
  • Improvements to the Schema.org microdata Genesis outputs.
  • Compatibility with WordPress’s generated Title Tag output.
  • Compatibility with WordPress’s new Site Icon feature.
  • Allow entry meta to be turned off on a per post type level.
  • Many other improvements and bug fixes.

Upgrading

NOTE: If you have made any changes directly to files in the /genesis/ folder, upgrading will overwrite these changes. Therefore, we recommend that you NEVER make changes this way. Instead, use the CSS in the child theme folder to make stylistic modifications, and use the proper PHP files in the child theme folder, along with the Genesis Hook system, to make functional/output modifications.

Using the Automatic Upgrader

  1. Click the “upgrade now” link in the update notification at the top of your dashboard page.
  2. Confirm the upgrade.
  3. After the new version is installed, click the link to complete the upgrade.
  4. All done!

Upgrading Manually

  1. Before you upgrade anything, make sure you have backup copies of your child theme.
  2. Delete the old genesis folder from your wp-content/themes directory.
  3. Unzip and upload the new genesis folder to your wp-content/themes directory.
  4. Log into the dashboard to complete the upgrade process.

WordPress 4.3 “Billie” Released

WordPress 4.3 is now available, with new features that make it even easier to format your content and customize your site.

Menus in the Customizer

Create your menu, update it, and assign it, all while live-previewing in the customizer. The streamlined customizer design provides a mobile-friendly and accessible interface. With every release, it becomes easier and faster to make your site just the way you want it.

Formatting Shortcuts

Your writing flow just got faster with new formatting shortcuts in WordPress 4.3. Use asterisks to create lists and number signs to make a heading. No more breaking your flow; your text looks great with a * and a #.

Site Icons

Site icons represent your site in browser tabs, bookmark menus, and on the home screen of mobile devices. Add your unique site icon in the customizer; it will even stay in place when you switch themes. Make your whole site reflect your brand.

Better Passwords

Keep your site more secure with WordPress’ improved approach to passwords. Instead of receiving passwords via email, you’ll get a password reset link. When you add new users to your site or edit a user profile, WordPress will automatically generate a secure password.

Other improvements

  • A smoother admin experience – Refinements to the list view across the admin make your WordPress more accessible and easier to work with on any device.
  • Comments turned off on pages – All new pages that you create will have comments turned off. Keep discussions to your blog, right where they’re supposed to happen.
  • Customize your site quickly – Wherever you are on the front-end, you can click the customize link in the toolbar to swiftly make changes to your site.

As always, we highly recommend that you keep your WordPress installation, WordPress themes and WordPress plugins up to date to ensure that you’re running the most secure and feature rich version of WordPress.

If you need assistance with upgrading, please schedule your WordPress upgrade today via our WordPress Upgrade Service.

All current Watershed Studio WordPress Upgrade Service and Maintenance Package subscribers have been scheduled for your WordPress 4.2 upgrade.

If you’d like to ensure that your site is always up to date, please check out our WordPress Maintenance Packages.

WordPress 4.2 “Powell” Released

WordPress 4.2 is now available, with new features that help you focus on sharing content, and global communication.

As always, we highly recommend that you keep your WordPress installation, WordPress themes and WordPress plugins up to date to ensure that you’re running the most secure and feature rich version of WordPress.

If you need assistance with upgrading, please schedule your WordPress upgrade today via our WordPress Upgrade Service.

All current Watershed Studio WordPress Upgrade Service and Maintenance Package subscribers have been scheduled for your WordPress 4.2 upgrade.

If you’d like to ensure that your site is always up to date, please check out our WordPress Maintenance Packages.

WordPress 4.1 “Dinah” Released

WordPress 4.1 is now available, with new features that help you focus on your writing via a new “distraction-free writing mode”, and the new default theme, Twenty Fifteen, which lets you show your site off in style.

As always, we highly recommend that you keep your WordPress installation, WordPress themes and WordPress plugins up to date to ensure that you’re running the most secure and feature rich version of WordPress.

If you need assistance with upgrading, please schedule your WordPress upgrade today via our WordPress Upgrade Service.

All current Watershed Studio WordPress Upgrade Service and Maintenance Package subscribers have been scheduled for your WordPress 4.1 upgrade.

If you’d like to ensure that your site is always up to date, please check out our WordPress Maintenance Packages.

CRITICAL WordPress 4.0.1 Security Release: UPGRADE NOW

WordPress 4.0.1 is now available, and is a critical security release for all previous versions of WordPress.

We strongly encourage you to update your sites immediately.

Sites that support automatic background updates will be updated to WordPress 4.0.1 soon, if not already. BUT, we have been seeing issues with the automatic upgrades this round, so please check your sites. If you spot any issues, please contact us for assistance.

If you are still running WordPress 3.9.2, 3.8.4, or 3.7.4, you will be updated to 3.9.3, 3.8.5, or 3.7.5 to keep everything secure. If you are running older legacy versions of WordPress, please upgrade to 4.0.1 immediately.

WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This issue does not affect version 4.0, but version 4.0.1 does address these eight security issues:

  • Three cross-site scripting issues that a contributor or author could use to compromise a site.
  • A cross-site request forgery that could be used to trick a user into changing their password.
  • An issue that could lead to a denial of service when passwords are checked.
  • Additional protections for server-side request forgery attacks when WordPress makes HTTP requests.
  • An extremely unlikely hash collision could allow a user’s account to be compromised; this also required that they hadn’t logged in since 2008.
  • WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address.

Version 4.0.1 also fixes 23 bugs with 4.0 and includes two hardening changes, including better validation of EXIF data extracted from uploaded photos.

As always, we highly recommend that you keep your WordPress installation, WordPress themes and WordPress plugins up to date to ensure that you’re running the most secure and feature rich version of WordPress.

If you need assistance with upgrading, please schedule your WordPress upgrade today via our WordPress Upgrade Service.

Anyone who is already subscribed to one of our upgrade packages has already been upgraded to WordPress 4.0.1.  If you’d like to ensure that your site is always up to date, please check out our WordPress Maintenance Packages.

Camelio Kids’ Tablet Review


The CAMELIO ($99.99 from Amazon.com) is a unique Android tablet that allows you to customize and personalize your tablet with your favorite characters.

Up to 5 users can easily create their own profile and customize their account with Camelio “Personality Packs” (sold separately). Personality packs allow users to customize wallpaper, widgets, lock screens, camera and photo editor and a themed bumper case. In addition, licensed games, video, music, and books are also included and vary by theme.

As an adult I certainly wouldn’t trade in my Samsung Galaxy Tab 10.1 for it, but this is a great, inexpensive tablet option for children. My own kids have been using this for a while now, with no complaints other than who gets to use it next.

Bottom Line: Buy it for the kids, they’ll have a blast with it, and it will free up your own phone and/or tablet. Plus being Android based, there are plenty of free game options they can choose from, such as Angry Birds and Temple Run.