djoser could be made to bypass authentication checks during login.
Comment
WordPress 6.8 Beta 3
Mar18
WordPress 6.8 Beta 3 is now ready for testing!
This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it is recommended you evaluate Beta 3 on a test server and site.
You can test WordPress 6.8 Beta 3 in four ways:
| Plugin | Install and activate the WordPress Beta Tester plugin on a WordPress install. (Select the “Bleeding edge” channel and “Beta/RC Only” stream). |
| Direct Download | Download the Beta 3 version (zip) and install it on a WordPress website. |
| Command Line | Use the following WP-CLI command: wp core update --version=6.8-beta3 |
| WordPress Playground | Use the 6.8 Beta 3 WordPress Playground instance to test the software directly in your browser without the need for a separate site or setup. |
The current target date for the final release of WordPress 6.8 is April 15, 2025. Get an overview of the 6.8 release cycle, and check the Make WordPress Core blog for 6.8-related posts in the coming weeks for more information.
Catch up on what’s new in WordPress 6.8: Read the Beta 1 and Beta 2 announcements for details and highlights.
How to test this release
Your help testing the WordPress 6.8 Beta 3 version is key to ensuring everything in the release is the best it can be. While testing the upgrade process is essential, trying out new features is equally important. This detailed guide will walk you through testing features in WordPress 6.8.
If you encounter an issue, please report it to the Alpha/Beta area of the support forums or directly to WordPress Trac if you are comfortable writing a reproducible bug report. You can also check your issue against a list of known bugs.
Curious about testing releases in general? Follow along with the testing initiatives in Make Core and join the #core-test channel on Making WordPress Slack.
Vulnerability bounty doubles during Beta/RC
Between Beta 1, released on March 4, 2025, and the final Release Candidate (RC) scheduled for April 8, 2025, the monetary reward for reporting new, unreleased security vulnerabilities is doubled. Please follow responsible disclosure practices as detailed in the project’s security practices and policies outlined on the HackerOne page and in the security white paper.
Beta 3 updates and highlights
WordPress 6.8 Beta 3 contains more than 3 Editor updates and fixes since the Beta 2 release, including 16 tickets for WordPress core.
Each beta cycle focuses on bug fixes; more are on the way with your help through testing. You can browse the technical details for all issues addressed since Beta 3 using these links:
- GitHub commits for 6.8 since March 12, 2025
- Closed Trac tickets since March 12, 2025
A Beta 3 haiku
Beta three refines,
WordPress shapes with steady hands,
Code grows into form.
Props to @benjamin_zekavica @krupajnanda @ankit-k-gupta @joemcgill for proofreading and review.
ix for CVE-2025-26699: Potential denial-of-service vulnerability in django.utils.text.wrap()
PlantUML could be made to crash or run programs as your login if it opened a specially crafted UML file.
Several security issues were fixed in FreeType.