This is an update fixing possible remote SQL injection.
Comment
Update to 0.3.5 to fix FTBFS and test failures
Amel Bouziane-Leblond discovered that insufficient validation of “vnd.libreoffice.command” URI schemes could result in the execution of arbitrary macro commands.
WordPress 6.8 Beta 1
Mar04
WordPress 6.8 Beta 1 is ready for download and testing!
This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, set up a test environment or a local site to explore the new features.
How to Test WordPress 6.8 Beta 1
You can test this beta release in any of the following ways:
| WordPress Beta Tester Plugin | Install and activate the WordPress Beta Tester plugin on a WordPress install. Select the “Bleeding edge” channel and “Beta/RC Only” stream. |
| Direct Download | Download the Beta 1 version (zip) and install it on a WordPress website. |
| Command Line (WP-CLI) | Use this WP-CLI command: wp core update –version=6.8-beta1 |
| WordPress Playground | Use a 6.8 Beta 1 WordPress Playground instance to test the software directly in your browser. No setup required–-just click and go! |
The scheduled final release date for WordPress 6.8 is April 15, 2025. Your help testing Beta and RC versions over the next six weeks is vital to ensuring the final release is everything it should be: stable, powerful, and intuitive.
How important is your testing?
Testing for issues is a critical part of developing any software, and it’s a meaningful way for anyone to contribute—whether or not you have experience. Details on what to test in WordPress 6.8 are here.
If you encounter an issue, please share it in the Alpha/Beta area of the support forums. If you are comfortable submitting a reproducible bug report, you can do so via WordPress Trac. You can also check your issue against this list of known bugs.
Curious about testing releases in general and how to get started? Follow along with the testing initiatives in Make Core and join the #core-test channel on Making WordPress Slack.
WordPress 6.8 will include many new features that were previously only available in the Gutenberg plugin. Learn more about Gutenberg updates since WordPress 6.7 in the What’s New in Gutenberg posts for versions 19.4, 19.5, 19.6, 19.7, 19.8, 19.9, 20.0, 20.1, 20.2, 20.3, and 20.4.
What’s New in WordPress 6.8 Beta 1
This is a polish release, with user enhancements throughout incorporated into the latest Gutenberg updates. WordPress 6.8 brings a luster and gloss that only a polish release can.
WordPress 6.8 Beta 1 contains over 370 enhancements and 520 bug fixes for the editor, including design improvements, polishing the query loop, and more than 230 tickets for WordPress 6.8 Core. Here’s a glimpse of what’s coming:
Editor improvements
Easier ways to see your options in Data Views, and you can opt to ignore sticky posts in the Query Loop. Plus you’ll find lots of little improvements in the editor!
The Style Book comes to Classic themes
The Style Book now features a structured layout so you can preview site colors, typography, and block styles more easily. You can use the Style Book in classic themes with editor-styles or a theme.json file and includes clearer labels, and you can find them under Appearance > Design.
Support for Speculation browser API
WordPress 6.8 introduces native support for speculative loading, leveraging the Speculation Rules API to improve site performance with near-instant page loads. This feature prefetches or prerenders URLs based on user interactions, such as hovering over links, reducing load times for subsequent pages.
By default, WordPress 6.8 applies a conservative prefetching strategy, balancing performance gains with resource efficiency. Developers can customize speculative loading behavior using new filters, since the API does not include UI-based controls. The existing Speculative Loading feature plugin will adapt to the core implementation, allowing deeper customization. Please test this feature in supported browsers (currently Chrome 108+ and Edge 108+, with more browsers evaluating) and provide feedback on #62503 to help refine its implementation.
Major security boost
WordPress 6.8 will use bcrypt for password hashing, which significantly hardens WordPress. Other hashing is getting hardened, too, throughout the security apparatus. You won’t have to change anything in your daily workflow.
The features included in this first beta may change before the final release of WordPress 6.8, based on what testers like you find.
Get an overview of the 6.8 release cycle and check the Make WordPress Core blog for 6.8-related posts in the next few weeks for further details.
Caveat on testing 6.8 Beta 1 in versions older than 5.1
Due to an update made to the upgrade routine during this release, (see r59803), any upgrade from versions older than 5.1 will fail. Folks are working to resolve this specific issue, so please hold off on reporting on this while testing the Beta 1 release.
Vulnerability bounty doubles during Beta & Release Candidate
The WordPress community sponsors a monetary reward for reporting new, unreleased security vulnerabilities. This reward doubles during the period between Beta 1 on March 4, 2025 and the final Release Candidate (RC) scheduled for April 15, 2025. Please follow responsible disclosure practices as detailed in the project’s security practices and policies. You can find those on the HackerOne page and in the security white paper.
Just for you: a Beta 1 haiku
March winds shift the tide.
Hands unite in open source;
WordPress moves ahead.
Props to @audrasjb @marybaum @mamaduka @michelleames @bph @jorbin @joemcgill @krupajnanda @desrosj @benjamin_zekavica for reviewing and collaborating on this post!
Several security issues were fixed in cmark-gfm.