Just a quick note to let everyone know that a new version of WordPress was released (WP 2.3.3) to address some urgent security-related issues, and it is highly recommended that you upgrade to it as soon as you can. So far I’ve upgraded one of my sites and the upgrade went very smoothly. When I have more time, I’ll report back on how the upgrades have gone on the remainder of my sites - including this one - like many people with large WP sites, I’m always scared when performing an upgrade b/c there have been times in the past where they’ve caused issues that resulted in my site being down for 1+ days while I researched in the support forums how to get my site back up and running — this is one of my main complaints about WordPress even though I love it in almost all other ways. This is also why for those who are not technically inclined, I really recommend using a hosted blog service like TypePad or WordPress.com (if you want to use JavaScript or AdSense ads, you’ll have to go for TypePad, which costs money as opposed to the free WordPress.com).
Filed under blogging, Weblogs, WordPress, wordpress, wp, wp upgrades, wp security, wordpress upgrade, wordpress security, wordpress release, wordpress problems, typepad, wordpress.com, wordpress.org by Emily from How to Blog.
From the folks at WordPress:
An important security issue has been brought to the attention of the WordPress team and we have worked diligently to bring you a new stable release that addresses it. Our latest version 2.0.2 contains several bugfixes and security fixes.
I highly recommend that you download the newest release and upgrade your WordPress installation(s) ASAP (and back up your database before upgrading!).
For those of us with many blogs, this is one of those pains in the neck that makes you wish you had a hosted solution that did the upgrading for you. But all in all, the pros of getting all the features and customizability of the full version of WordPress make it worth the hassle for those who are technically inclined enough to handle WordPress.
(The rest of you should check out WordPress.com — they’ve had a lot of upgrades lately, including new themes, WordPress Widgets, and more - which I’ll write about in a later post, but suffice it to say good things are happening over there.)
BTW - It has not been clarified whether this security vulnerability which was found (and fixed) was in any way related to the supposed hacking of the WP 2.0 Theme Competition that was being hosted by kycap.com, but based on the dialog in the WordPress support forums it does appear that the KYCAP theme competition was a hoax, which, if true, is just evil. Fortunately, a new WordPress 2.0 Theme Competition has sprung out of this mess and is being run and judged by some of the more well known and respected (i.e., trustworthy) members of the WP community.
One month to the day from when WordPress 2.0 first came out, the first WordPress point release to address the many needed bug fixes has come out. The team states that:
‘All in all we’ve closed 114 bugs in the 2.0.1 release, which you’re welcome to check out if you’re curious about every fix. To summarize:
- You can now specify an upload directory, and whether to use date-based storage or not.
- Caching has been fixed under certain PHP environments.
- Permalinks have been fixed for weird environments as well.
- XML-RPC uploading works.
- Compatibility with older versions of PHP.
- Several WYSIWYG fixes and cleanups.
- Imports now use much less memory.
- Now works with MySQL 5.0 in strict mode.’
Now, what’s ominously missing from this list of bug fixes is any mention of the problems with trackbacks, which is my main hesitation for upgrading all my WordPress blogs. Yet in reading through the complete list of fixes, it appears the trackback problems were fixed — see tickets 2197 and 2170 — I must say that I don’t know why the WordPress team didn’t emphasize that in their bulleted list of fixes. In any case, I’m thrilled to hear it’s been fixed — YAY! Hopefully this means I can seriously contemplate moving my blog from TypePad to WordPress. Unfortunately, TypePad doesn’t support functionality for 301 permanent redirects, which are what would be necessary to tell the search engines that my blog has moved (and word to the wise and newbie alike — don’t ever make the mistake that I did and use a subdomain off a typepad.com, wordpress.com, etc. account if you think there’s ever the slightest chance you’d like to use your own domain name down the road, or heaven forbid switch to a different blogging system altogether — moving How to Blog is gonna be one hell of a nightmare, but the benefits that WordPress provides may make it worth it…still on the fence).
In any case, you can download WordPress 2.0.1 here.
Over at Something Unpredictable, under the post entitled “What’s Already Broke in 2.0”, there’s a lively discussion about why WordPress 2.0 was released when:
“Many people knew that it was terribly broken. Many people begged on the wp-hackers list, the wp-forums list, the wp-testers list, and at the last IRC meetup to get the release delayed. The release candidates were severely broken for a number of people, the rate of bug reporting and committing over the past two weeks is staggering. With all the changes going in, nobody stopped to take the time to test for regressions caused by the changes. It’s 1.5 all over again.”
One commenter, Olly, pointed out:
“To be fair to them they have the problems that most commercial developers of popular software find, and that’s that no matter how much beta testing they do, the program will inevitably get hundreds of hours more use on the day of release than they could possibly do in the whole of testing.”
To be clear, these are indeed problems that even commercial developers face. And having worked for several years as a Software Quality Assurance Engineer for a major software company, I can tell you for a fact that expensive commercial software ships with MANY known bugs. The sad truth is that there is no such thing as bug-free software. Introducing new features, and even performing bug fixes, often break existing features (which is why regression testing is so critical). However, in the commercial software world, even when the programmers and the testers are wanting to push back the release date, it’s often the marketing department that controls when the software ‘goes gold’ - unless you found what was known as a ‘stop ship bug’, which would only be a bug that would be easily encountered by a regular user AND would be bad enough to crash either the program or their entire system. Beyond that, it was do whatever it takes to get the product out the door on time (even if that means working yourself to death), and sorry ’bout the bugs that still remain.
Nonetheless, even with the idea of being ‘bug-free’ being thrown out as an impossibility, it still stands to reason that users can only tolerate a certain degree of bugginess in a product before the uproar starts. And if many of those bugs turn out to have been known for weeks or months before the release, it does beg the question as to WHY was this product released so early? Given that it is an open-source, community-backed FREE piece of software, there is no monstrous marketing team breathing down your back to finish the software that they already SOLD to many customers (and promised them a ship date). There are no numbers that your sales team has to make for any particular quarter, and no shareholders to appease. So far as I can tell, there is no monetary reason to deliver the product before it is truly ready.
Also, I don’t know how open-source projects (and WordPress in particular) work when it comes to Quality Assurance - is there even a QA department, or is everyone associated with the project just expected to do continual bug testing and keep their eyes peeled for problems and anomalies? If it is the latter, that could explain somewhat why there are so many more bugs being found now that the release version has been delivered. There’s more to software testing than just looking for bugs. It involves creating test plans, regression testing, negative testing (wherein you do things with the software that you’re not supposed to and see if it handles the problem gracefully), etc. And different people need to be assigned to different areas of the software so that they are focused and really become experts in their area. It was hard enough to do with a team of well paid developers - I honestly don’t know how you get that done when it’s all volunteer effort (although I’m not saying that the WP team hasn’t incorporated all of these areas of testing as I’m not in a position to know).
But given that it is an open-source project, and apparently reliant on much of its userbase for unearthing the bugs, it would behoove both the WP community and the WordPress team to provide clear and easy to use directions on how to search for a bug in Trac and, if it’s not already listed there, enter it yourself. I’d venture to say that less than 5% of users know about Trac (WordPress’s bug tracking software), never mind how to submit a bug they’ve found. (I just submitted my first bug: Ticket #2218: Pop-up window for inserting hyperlinks truncated on FireFox 1.5)
On wordpress.com, there is a handy little ‘Feedback’ button that appears on every admin screen designed for sending ‘bugs and hugs’, which I thought was really great. I don’t know why that was omitted from WordPress 2.0 - it’s a great way for the WordPress team to interact with those WordPress users who don’t hang out in the support forums, etc.
In sum, any software project of this scope and with this large of a user base is extraordinarily challenging to QA, even in the commercial world. I’d imagine it’s that much more difficult to do when everyone is working on a volunteer basis. That said, open source software has a luxury that commercial software doesn’t in that you don’t have to get the product out by a certain date in order to meet your numbers for a certain fiscal period. Any .0 release is a major release, and should have enough new features and bug fixes as well as improved existing functionality to entice existing users to upgrade. As TheBisch has mentioned, I’m not sure the features in 2.0 are compelling enough to get existing users to upgrade, especially when there are so many bugs and broken plugins, not to mention that it is likely that we’ll be seeing 2.0.1 and 2.0.2, if not 2.0.3 coming down the line shortly and have to upgrade again and again, all with potential upgrade fiascos (after all, that’s what we experienced with the 1.5 release, and that one seemed more stable than 2.0…) Which leaves me wondering - why was WordPress 2.0 released when there were people purportedly begging to push back the release date until more bugs were resolved??
The official release version of WordPress 2.0 is now available for download and install/upgrade.
I haven’t personally had a chance yet to do either a clean install or an upgrade, but will definitely report my first-hand experiences as time permits.
As for what’s new in WordPress 2.0, there has been a major overhaul to both the user interface and the back end. WYSIWYG editing is now built into WP. The handling of uploading of images/audio/video for inclusion in your posting is streamlined and much improved. Posting is supposedly faster, and you can even resize the rich text editor’s box on the fly. Post previews now show how your post will look with your current theme applied. MAJOR improvements to spam handling. And of course, lots of bug fixes (among other things).
Here are some guides to help make your upgrade smoother - make sure you back up your database and your wp-config.php file BEFORE you do anything else!!!:
Dinner’s on the table, so I’ve got to run - more for you on WP 2.0 tomorrow! AND HAPPY NEW YEAR EVERYONE!!