After nearly 11 million downloads of WordPress 3.0 in just 42 days, we’re releasing WordPress 3.0.1. The requisite haiku:

Three dot oh dot one
Bug fixes to make you smile
Update your WordPress

This maintenance release addresses about 50 minor issues. The testing many of you contributed prior to the release of 3.0 helped make it one of the best and most stable releases we’ve had.

Download 3.0.1 or update automatically from the Dashboard > Updates menu in your site’s admin area.

Note: If you downloaded 3.0.1 in the first 20 minutes of release (before 2200 UTC), you’ll want to reinstall it, which you can do right from your Updates screen. Our bad.

Arm your vuvuzelas: WordPress 3.0, the thirteenth major release of WordPress and the culmination of half a year of work by 218 contributors, is now available for download (or upgrade within your dashboard). Major new features in this release include a sexy new default theme called Twenty Ten. Theme developers have new APIs that allow them to easily implement custom backgrounds, headers, shortlinks, menus (no more file editing), post types, and taxonomies. (Twenty Ten theme shows all of that off.) Developers and network admins will appreciate the long-awaited merge of MU and WordPress, creating the new multi-site functionality which makes it possible to run one blog or ten million from the same installation. As a user, you will love the new lighter interface, the contextual help on every screen, the 1,217 bug fixes and feature enhancements, bulk updates so you can upgrade 15 plugins at once with a single click, and blah blah blah just watch the video. (In HD, if you can, so you can catch the Easter eggs.)

If you’d like to embed the WordPress 3.0 video tour in your blog, copy and paste this code for the high quality version:

<embed src="http://v.wordpress.com/wp-content/plugins/video/flvplayer.swf?ver=1.21" type="application/x-shockwave-flash" width="640" height="360" wmode="transparent" seamlesstabbing="true" allowfullscreen="true" allowscriptaccess="always" overstretch="true" flashvars="guid=BQtfIEY1&amp;width=640&amp;height=360&amp;locksize=no&amp;dynamicseek=false&amp;qc_publisherId=p-18-mFEk4J448M" title="Introducing WordPress 3.0 &quot;Thelonious&quot;"></embed>

For a more comprehensive look at everything that has improved in 3.0 check out 3.0′s Codex page or the long list of issues in Trac. (We’re trying to keep these announcement posts shorter.) Whew! That’s a lot packed into one release. I can’t think of a better way to kick off the 3.X cycle we’ll be in for the next two and a half years.

The Future

Normally this is where I’d say we’re about to start work on 3.1, but we’re actually not. We’re going to take a release cycle off to focus on all of the things around WordPress. The growth of the community has been breathtaking, including over 10.3 million downloads of version 2.9, but so much of our effort has been focused on the core software it hasn’t left much time for anything else. Over the next three months we’re going to split into ninja/pirate teams focused on different areas of the around-WordPress experience, including the showcase, Codex, forums, profiles, update and compatibility APIs, theme directory, plugin directory, mailing lists, core plugins, wordcamp.org… the possibilities are endless. The goal of the teams isn’t going to be to make things perfect all at once, just better than they are today. We think this investment of time will give us a much stronger infrastructure to grow WordPress.org for the many tens of millions of users that will join us during the 3.X release cycle.

It Takes a Village

I’m proud to acknowledge the contributions of the following 218 people to the 3.0 release cycle. These are the folks that make WordPress what it is, whose collaboration and hard work enable us to build something greater than the sum of our parts. In alphabetical order, of course.

Committers: azaozz (Andrew Ozz) (prof), dd32 (Dion Hulse) (prof), donncha (Donncha O Caoimh) (prof), iammattthomas (Matt Thomas) (prof), josephscott (Joseph Scott) (prof), markjaquith (Mark Jaquith) (prof), matt (Matt Mullenweg) (prof), nacin (Andrew Nacin) (prof), nbachiyski (Николай Бачийски) (prof), ryan (Ryan Boren) (prof), westi (Peter Westwood) (prof), and wpmuguru (Ron Rennick) (prof). Contributors: aaroncampbell (Aaron Campbell) (prof), akerem (prof), alexkingorg (Alex King) (prof), amattie (prof), ampt (Luke Gallagher) (prof), andrea_r (prof), andreasnrb (Andreas Nurbo) (prof), anilo4ever (Angelo Verona) (prof), apeatling (Andy Peatling) (prof), apokalyptik (Demitrious Kelly) (prof), arena (André Renaut) (prof), barry (Barry Abrahamson) (prof), batmoo (Mohammad Jangda) (prof), beaulebens (Beau Lebens) (prof), belg4mit (prof), bigdawggi (Matthew G. Richmond) (prof), blepoxp (Glenn Ansley) (prof), brentes (Brent Shepherd) (prof), briancolinger (Brian Colinger) (prof), bumbu (prof), caesarsgrunt (Caesar Schinas) (prof), camiloclc (prof), CAMWebDesign (prof), carbolineum (prof), caspie (prof), catiakitahara (Cátia Kitahara) (prof), CharlesClarkson (Charles Clarkson) (prof), chdorner (Christof Dorner) (prof), chrisbliss18 (Chris Jean) (prof), chrisscott (Chris Scott) (prof), cnorris23 (Brandon Allen) (prof), coffee2code (Scott Reilly) (prof), computerwiz908 (prof), cyberhobo (Dylan Kuhn) (prof), dancole (Dan Cole) (prof), Daniel Koskinen , deepak.seth (Deepak Seth), demetris (Δημήτρης Κίκιζας) (prof), Denis-de-Bernardy (prof), dimadin (Milan Dinić) (prof), dndrnkrd (Dan Drinkard) (prof), docwhat (prof), dougwrites ( href="http://profiles.wordpress.org/dougwrites">prof), dphiffer (Dan Phiffer) (prof), dragoonis (prof), dremeda (Dre Armeda) (prof), dtoj , dougal (Dougal Campbell) (prof), duck_ (Jon Cave) (prof), dxjones (David Jones) (prof), eddieringle (Eddie Ringle) (prof), edward mindreantre (Edward Hevlund), eoinomurchu (prof), empireoflight/Ben Dunkle (prof), ericmann (Eric Mann) (prof), etiger13 (Eddie Monge Jr.) (prof), filosofo (Austin Matzko) (prof), firebird75 (prof), frankieroberto (Frankie Roberto) (prof), Frumph (Philip M. Hofer) (prof), garyc40 (Gary Cao) (prof), gautam2011 (prof), Gary Ross (Gazzer) , GDragoN (Milan Petrovic) (prof), greenshady (Justin Tadlock) (prof), GIGALinux (Dennis Morhardt) (prof), hakre (prof), husky (prof), iandstewart (Ian Stewart) (prof), ipstenu (Mika Epstein) (prof), jacobsantos (Jacob Santos) (prof), jamescollins (James Collins) (prof), jane (Jane Wells) (prof), jbsil (Jesse Silverstein) (prof), jdub (Jeff Waugh) (prof), jeffikus (Jeffrey Pearce) (prof), jeffstieler (Jeff Stieler) (prof), jeremyclarke (Jeremy Clarke) (prof), jfarthing84 (Jeff Farthing) (prof), Jick (James Dimick) (prof), jmstacey (Jon Stacey) (prof), jobjorn (Jobjörn Folkesson) (prof), johanee (Johan Eenfeldt) (prof), johnbillion (John Blackbourn) (prof), johnjamesjacoby/jjj (John James Jacoby) (prof), johnjosephbachir (John Joseph Bachir) (prof), johnl1479 (John Luetke) (prof), johnonolan (John O’Nolan) (prof), JohnPBloch/wmrom (John Bloch) (prof), joostdevalk/yoast (Joost de Valk) (prof), jorbin (Aaron Jorbin) (prof), joshtime (prof), jshreve (prof), junsuijin (prof), kallewangstedt (Karl Wångstedt) (prof), keighl (Kyle Truscott) (prof), kevinB (Kevin Behrens) (prof), koopersmith (Daryl Koopersmith) (prof), kpdesign (Kim Parsell)
(prof), ktdreyer (Ken Dreyer) (prof), kurtmckee (Kurt McKee) (prof), laceous (prof), lancewillett (Lance Willett) (prof), lloydbudd (Lloyd Budd) (prof), lriggle (prof), markauk (prof), markmcwilliams (Mark McWilliams) (prof), markoheijnen (Marko Heijnen) (prof), markup (Sasha Mukhin) (prof), mattsains (prof), matveb (Matias Ventura) (prof), mdawaffe (Michael Adams) (prof) , mentel_br (prof), messenlehner (Brian Messenlehner) (prof), miau_jp (prof), Michael (Michael Heilemann) (prof), MichaelH (prof), mikeschinkel (Mike Schinkel) (prof), Miloslav Beňo , minusfive (prof), miqrogroove (Robert Chapin) (prof), misterbisson (Casey Bisson) (prof), mitchoyoshitaka (mitcho (Michael 芳貴 Erlewine)) (prof), MMN-o (prof), momo360modena (Amaury Balmer) (prof), morganestes (Morgan Estes) (prof), mrmist (David McFarlane) (prof), mtdewvirus (Nick Momrik) (prof), nadavvin (prof), Nao (Naoko McCracken) (prof), nathanrice (Nathan Rice) (prof), neoxx (Bernhard Riedl) (prof), niallkennedy (Niall Kennedy) (prof), ninjaWR (Ryan Murphy) (prof), noel (Noël Jackson) (prof), nomulous (Fletcher Tomalty) (prof), ocean90 (Dominik Schilling) (prof), Otto42 (Samuel Wood) (prof), pedger (prof), PeteMall (prof), pampfelimetten (prof), pnettle (prof), PotterSys (Juan) (prof), prettyboymp (Michael Pretty) (prof), ptahdunbar (Ptah Dunbar) (prof), ramiy (prof), RanYanivHartstein (Ran Yaniv Hartstein) (prof), reaperhulk (Paul Kehrer) (prof), reko (prof), remi (Rémi Prévost) (prof), rlerdorf (Rasmus Lerdorf) (prof) , rmccue (Ryan McCue) (prof), rooodini (prof), rovo89 (prof), ruslany ( "http://profiles.wordpress.org/ruslany">prof), sc0ttkclark (Scott Kingsley Clark) (prof), scottbasgaard (Scott Basgaard) (prof), ScottMac (prof), scribu (prof), SergeyBiryukov (Сергей Бирюков) (prof), ShaneF (prof), sillybean (Stephanie Leary) (prof), Simek (Bartosz Kaszubowski) (prof), simonwheatley (Simon Wheatley) (prof), simosx (Σίμος Ξενιτέλλης) (prof), sirzooro (Daniel Frużyński) (prof), sivel (Matt Martz) (prof), skeltoac (Andy Skelton) (prof), snumb130 (Luke Howell) (prof), solarissmoke (Samir Shah) (prof), sorich87 (prof), ssandison (prof), stencil (prof), stephdau (Stephane Daury) (prof), tai (prof), TECannon (Tracy Cannon) (prof), technosailor (Aaron Brazell) (prof), tenpura (prof), thales.tede , TheDeadMedic (prof), thee17 (Charles E. Frees-Melvin) (prof), thetoine (Antoine Girard) (prof), tinkerpriest (c.bavota) (prof), TobiasBg (Tobias Bäthge) (prof), tomtomp (prof), tychay (Terry Chay) (prof), typeomedia (prof), uglyrobot (Aaron Edwards) (prof), UnderWordPressure (prof), usermrpapa (prof), Utkarsh (Utkarsh Kukreti) (prof), validben (Benoit Gilloz ) (prof), Viper007Bond (Alex Mills) (prof), vladimir_kolesnikov (Vladimir Kolesnikov) (prof), willmot (Tom Willmot) (prof), wahgnube (prof), waltervos (Walter Vos) (prof), wds-chris (Christopher Cochran) (prof), williamsba1 (Brad Williams) (prof), wnorris (Will Norris) (prof), xibe (Xavier Borderie) (prof), yoavf (Yoav Farhi) (prof), zeo (Safirul Alredha) (prof), znarfor (François Hodierne) (prof), and zoranzaric (Zoran Zaric) (prof).

Bonus

If you’ve made it this far, check out my 2010 State of the Word speech at WordCamp San Francisco, it’s jam-packed with information on the growth of WordPress, 3.0, what we’re planning for the future, and the philosophy of WordPress.

I want to make you mine, all the time… oh wait. Hello. I’m here on behalf of the entire WordPress development team and community to announce the immediate availability of WordPress version 2.9 “Carmen” named in honor of magical jazz vocalist Carmen McRae (whom we’ve added to our Last.fm WP release station). You can upgrade easily from your Dashboard by going to Tools > Upgrade, or you can download from WordPress.org. And of course, it wouldn’t be a major release without a short video summarizing some of the cool things about the new version:

The coolest new stuff from a user point of view is:

1. Global undo/”trash” feature, which means that if you accidentally delete a post or comment you can bring it back from the grave (i.e., the Trash). This also eliminates those annoying “are you sure” messages we used to have on every delete.
2. Built-in image editor allows you to crop, edit, rotate, flip, and scale your images to show them who’s boss. This is the first wave of our many planned media-handling improvements.
3. Batch plugin update and compatibility checking, which means you can update 10 plugins at once, versus having to do multiple clicks for each one, and we’re using the new compatibility data from the plugins directory to give you a better idea of whether your plugins are compatible with new releases of WordPress. This should take the fear and hassle out of upgrading.
4. Easier video embeds that allow you to just paste a URL on its own line and have it magically turn it into the proper embed code, with Oembed support for YouTube, Daily Motion, Blip.tv, Flickr, Hulu, Viddler, Qik, Revision3, Scribd, Google Video, Photobucket, PollDaddy, and WordPress.tv (and more in the next release).

2.9 provides the smoothest ride yet because of a number of improvements under the hood and more subtle improvements you’ll begin to appreciate once you’ve been around the block a few times. Here’s just a sampling:

• We now have rel=canonical support for better SEO.
• There is automatic database optimization support, which you can enable in your wp-config.php file by adding define('WP_ALLOW_REPAIR', true);.
• Themes can register “post thumbnails” which allow them to attach an image to the post, especially useful for magazine-style themes.
• A new commentmeta table that allows arbitrary key/value pairs to be attached to comments, just like posts, so you can now expand greatly what you can do in the comment framework.
• Custom post types have been upgraded with better API support so you can juggle more types than just post, page, and attachment. (More of this planned for 3.0.)
• You can set custom theme directories, so a plugin can register a theme to be bundled with it or you can have multiple shared theme directories on your server.
• We’ve upgraded TinyMCE WYSIWYG editing and Simplepie.
• Sidebars can now have descriptions so it’s more obvious what and where they do what they do.
• Specify category templates not just by ID, like before, but by slug, which will make it easier for theme developers to do custom things with categories — like post types!
• Registration and profiles are now extensible to allow you to collect things more easily, like a user’s Twitter account or any other fields you can imagine.
• The XML-RPC API has been extended to allow changing the user registration option. We fixed some Atom API attachment issues.
• Create custom galleries with the new include and exclude attributes that allow you to pull attachments from any post, not just the current one.
• When you’re editing files in the theme and plugin editors it remembers your location and takes you back to that line after you save. (Thank goodness!!!)
• The Press This bookmarklet has been improved and is faster than ever; give it a try for on-the-fly blogging from wherever you are on the internet.
• Custom taxonomies are now included in the WXR export file and imported correctly.
• Better hooks and filters for excerpts, smilies, HTTP requests, user profiles, author links, taxonomies, SSL support, tag clouds, query_posts and WP_Query

All of this and more is reflected in the over 500 tickets, bugs, and enhancements that WP developers in this release cycle.

This release included code from over 140 contributors, here’s everyone we were able to identify: aaroncampbell (Aaron Campbell), abackstrom (Adam Backstrom), aldenta (John Ford), alexkingorg (Alex King), [amilanov], antonylesuisse (Antony Lesuisse), apeatling (Andy Peatling), apokalyptik (Demitrious Kelly), arena (André Renaut), batmoo (Mohammad Jangda), Ben Dunkle, BenBE1987, Benjamin Flesch, bookchiq (Sarah Lewis), brianwhite, c0nstruct, caesarsgrunt (Caesar Schinas), CalebKniffen (Caleb Kniffen), chrisbliss18, chrisscott (Chris Scott), christoph179, coffee2code (Scott Reilly), [cross country flight], Curioso, davecpage (Dave Page), dcole07 (Dan Cole), dd32 (Dion Hulse), demetris (Δημήτρης Κίκιζας), Denis-de-Bernardy, dj-wp, dwright, eddieringle (Eddie Ringle), error (Michael Hampton), ewestp, fabifott, filosofo (Austin Matzko), greenshady (Justin Tadlock), gsnedders/link92 (Geoffrey Sneddon), hailin (Hailin Wu), hakre, hanilovesme, Harald Nesland, harrym, holizz (Tom Adams), ikonst, jacobsantos (Jacob Santos), janeforshort (Jane Wells), jamescollins (James Collins), jdub (Jeff Waugh), jeff_ (Jean-François “Jeff” VIAL), jeremyclarke (Jeremy Clarke), JeremyVisser (Jeremy Visser), jikamens, jmulley, Joern_W, johanee (Johan Eenfeldt), johnbillion (John Blackbourn), johnjamesjacoby (John James Jacoby), johnjosephbachir (John Joseph Bachir), JonathanRogers, joostdevalk (Joost de Valk), Jose Carlos Norte, josephscott (Joseph Scott), junsuijin, kevinB (Kevin Behrens), kometbomb, lilyfan (IKEDA Yuriko), [lostinlafayette], madhyde, MattyRob, mdawaffe (Michael Adams), Mittineague, miqrogroove, morfiusx, mrmist (David McFarlane), mtdewvirus (Nick Momrik), mysz, nacin (Andrew Nacin), nanochrome, nao (Naoko McCracken), nathanrice (Nathan Rice), nbachiyski (Николай Бачийски), niallkennedy (Niall Kennedy), nickohrn (Nick Ohrn), ninjaWR (Ryan Murphy), noel (Noël Jackson), Otto42 (Samuel Wood), pairg, peaceablewhale (Franklin Tse), prettyboymp (Michael Pretty), ProDevStudio, ramiy, redsweater (Daniel Jalkut), ruslany, sambauers (Sam Bauers), scribu, Sewar, Simek, simonwheatley (Simon Wheatley), sirzooro (Daniel Frużyński), sivel (Matt Martz), skeltoac (Andy Skelton), snakefoot, stephanreiter (Stephan Reiter), strider72 (Stephen Rider), taco1991, takayukister (Takayuki Miyoshi), tellyworth, tenpura, usermrpapa, utkarsh, Viper007Bond, vladimir_kolesnikov (Vladimir Kolesnikov), VoxPelli (Pelle Wessman), [voyou1], wahgnube, waltervos, westonruter (Weston Ruter), wnorris (Will Norris), xenlab (Eric Marden), yoavf (Yoav Farhi). Wowza!

2.9 has been an exciting development cycle, and I must say it has whetted our appetite for 3.0, which is coming next (probably this spring) and will include at the very least the merge of MU with the WordPress core, and a new default theme. We can’t wait to start working on it. But first, some Carmen McRae tunes and a beer. Join us!

(After you upgrade, of course!)

I hope everyone is having a wonderful holiday season.

Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1.  Luckily, the entire WordPress community has our backs.  Several folks in the community dug deeper and discovered areas that were overlooked.  With their help, the remaining issues are fixed in 2.8.3.  Since this is a security release, upgrading is highly recommended.  Download 2.8.3, or upgrade automatically from your admin.

WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site.  Download 2.8.2 or automatically upgrade from the Tools->Upgrade page of your blog’s admin.

WordPress 2.8.1 fixes many bugs and tightens security for plugin administration pages. Core Security Technologies notified us that admin pages added by certain plugins could be viewed by unprivileged users, resulting in information being leaked. Not all plugins are vulnerable to this problem, but we advise upgrading to 2.8.1 to be safe.

What else is new since 2.8?  Read through the highlights below, or  view all changes since 2.8

• Certain themes were calling get_categories() in such a way that it would fail in 2.8. 2.8.1 works around this so these themes won’t have to change.
• Dashboard memory usage is reduced.  Some people were running out of memory when loading the dashboard, resulting in an incomplete page.
• The automatic upgrade no longer accidentally deletes files when cleaning up from a failed upgrade.
• A problem where the rich text editor wasn’t being loaded due to compression issues has been worked around.
• Extra security has been put in place to better protect you from plugins that do not do explicit permission checks.
• Translation of role names fixed.
• wp_page_menu() defaults to sorting by the user specified menu order rather than the page title.
• Upload error messages are now correctly reported.
• Autosave error experienced by some IE users is fixed.
• Styling glitch in the plugin editor fixed.
• SSH2 filesystem requirements updated.
• Switched back to curl as the default transport.
• Updated the translation library to avoid a problem with mbstring.func_overload.
• Stricter inline style sanitization.
• Stricter menu security.
• Disabled code highlighting due to browser incompatibilities.
• RTL layout fixes.

2.8.1 is nigh.  Release Candidate 1 is our last stop before the final release.  Please download RC1, review the changes made since beta 2, and have a look at all of the tickets fixed in 2.8.1.  Thanks for testing WordPress.