WordPress.org


WordPress 4.1 “Dinah”

Posted December 18, 2014 by Matt Mullenweg. Filed under Releases.

Version 4.1 of WordPress, named “Dinah” in honor of jazz singer Dinah Washington, is available for download or update in your WordPress dashboard. New features in WordPress 4.1 help you focus on your writing, and the new default theme lets you show it off in style.


Introducing Twenty Fifteen


Our newest default theme, Twenty Fifteen, is a blog-focused theme designed for clarity.

Twenty Fifteen has flawless language support, with help from Google’s Noto font family.

The straightforward typography is readable on any screen size.

Your content always takes center stage, whether viewed on a phone, tablet, laptop, or desktop computer.


Distraction-free writing


Just write.

Sometimes, you just need to concentrate on putting your thoughts into words. Try turning on distraction-free writing mode. When you start typing, all the distractions will fade away, letting you focus solely on your writing. All your editing tools instantly return when you need them.


The Finer Points

Choose a language

Right now, WordPress 4.1 is already translated into over forty languages, with more always in progress. You can switch to any translation on the General Settings screen.

Log out everywhere

If you’ve ever worried you forgot to sign out from a shared computer, you can now go to your profile and log out everywhere.

Vine embeds

Embedding videos from Vine is as simple as pasting a URL onto its own line in a post. See the full list of supported embeds.

Plugin recommendations

The plugin installer suggests plugins for you to try. Recommendations are based on the plugins you and other users have installed.


Under the Hood

Complex Queries

Metadata, date, and term queries now support advanced conditional logic, like nested clauses and multiple operators — A AND ( B OR C ).

Customizer API

The customizer now supports conditionally showing panels and sections based on the page being previewed.

<title> tags in themes

add_theme_support( 'title-tag' ) tells WordPress to handle the complexities of document titles.

Developer Reference

Continued improvements to inline code documentation have made the developer reference more complete than ever.


The Choir

This release was led by John Blackbourn, with the help of these awesome folks. Check out some of their profiles while listening to Dinah Washington on the music service of your choice:

Aaron D. Campbell, Aaron Jorbin, Adam Silverstein, akumria, Alex Concha, Alex Mills (Viper007Bond), Alex Shiels, Allan Collins, Amaury Balmer, Amruta Bhosale, Andrea Fercia, Andrea Gandino, Andrew Munro (sumobi), Andrew Nacin, Andrew Ozz, Andrew Ryno, Andrey "Rarst" Savchenko, Ankit Gade, Ankit K Gupta, antpb, arippberger, Austin Matzko, Bainternet, Barry Kooij, Ben Dunkle, Ben May, Bernhard Riedl, Birgir Erlendsson (birgire), bobbingwide, Boone B. Gorges, Brady Vercher, Bram Duvigneau, Brandon Kraft, Brian DiChiara, Brian Richards, Brian Watson, Camden Segal, Captain Theme, Carlos, Caspie, ccprice, Charles Fulton, ChriCo, Chris Aprea, Chris Jean, Chris Marslender, Chris Reynolds, chriscct7, chrisl27, Christian Foellmann, Christopher Finke, Corey Snow, Corphi, curtjen, Damon Cook, Dan Cameron, Daniel Bachhuber, Daniel Convissor, Darren Ethier (nerrad), Daryl Koopersmith, Dave McHale, David A. Kennedy, David Herrera, David Laietta, David Wood, DavidTheMachine, dcavins, Dennis Ploetner, Dion Hulse, Dirk Weise, Dominik Schilling, Dominik Schwind, Drew Jaynes, Dustin Filippini, Dustin Hartzler, Elio Rivero, Eric Binnion, Eric Holmes, Eric Lewis, Fabien Quatravaux, florianziegler, Gabe Shackle, Gary Cao, Gary Pendergast, Gennady Kovshenin, George Olaru, George Stephanis, Greg Rickaby, Gregory Cornelius, Gregory Karpinsky (@tivnet), Gustavo Bordoni, hardy101, hauvong, Helen Hou-Sandí, heshiming, honeysilvas, hugodelgado, Ian Stewart, ianmjones, Ignacio Cruz Moreno, imath, Ipstenu (Mika Epstein), Ivan Kristianto, J.D. 
Grimes, jaimieolmstead, jakub.tyrcha, janhenckens, Janneke Van Dorpe, Japh, Jared Wenerd, jarednova, jeanyoungkim, Jeff Farthing, Jeff Stieler, Jeremy Felt, Jeremy Herve, Jesin A, Jesper Johansen (jayjdk), Jesper van Engelen, Jesse Pollak, jipmoors, Joe Dolson, Joe McGill, John Eckman, johnrom, johnstonphilip, Jon Brown, Jon Cave, Jonathan Brinley, Jonathan Desrosiers, Joost de Valk, Jordi Cabot, Joshua Abenazer, JOTAKI Taisuke, jrf, Julien Liabeuf, Justin Sainton, Justin Sternberg, K.Adam White, Kailey (trepmal), kamelkev, karpstrucking, keesiemeijer, Kelly Dwan, Kevin Langley, Kiko Doran, Kim Parsell, Kirk Wight, kitchin, Kite, Knut Sparhell, Konstantin Kovshenin, Konstantin Obenland, Kostas Vrouvas, kraftner, kristastevens, Kurt Payne, Lance Willett, Laurens Offereins, linuxologos, Liuiza Arunas, loushou, Lutz Schroer, Manoz69, mantismamita, Marco Schmoecker, Mario Peshev, Marius (Clorith), Mark Hudnall, Mark Jaquith, Mark Senff, Marko Heijnen, marsjaninzmarsa, Matias Ventura, Matt Mullenweg, Matt Wiebe, Matthew Boynes, Matthew Haines-Young, mattkeys, Maura Teal, Mel Choyce, Mert Yazicioglu, Michael Adams (mdawaffe), Michael Arestad, Michael Beckwith, Michael Cain, Michael Pick, michalzuber, Michelle Langston, Miguel Fonseca, Mike Hansen, Mike Jolley, Mike Nelson, Mike Schroder, Mikey Arce, Mitch Canter (studionashvegas), Morgan Estes, Morten Rand-Hendriksen, mvd7793, Nashwan Doaqan, Niall Kennedy, Nick Halsey, Nikhil Vimal (NikV), Nikola Nikolov, nobleclem, noplanman, Nowell VanHoesen, OriginalEXE, p_enrique, Paul, Paul de Wouters, Paul Schreiber, Paul Wilde, pavelevap, Peter Chester, Peter J. 
Herrel, Peter Westwood, Peter Wilson, Philip Arthur Moore, phpmypython, Pippin Williamson, Prasath Nadarajah, psycleuk, Ptah Dunbar, quietnic, Rachel Baker, Rami Yushuvaev, ramiabraham, Reuben Gunday, Rian Rietveld, Richard Archambault, Ricky Lee Whittemore, Robert Chapin, Rodrigo Primo, Ryan Boren, Ryan Kienstra, Ryan McCue, Sakin Shrestha, Sam Hotchkiss, Samuel Wood (Otto), Scott Kingsley Clark, Scott Reilly, Scott Taylor, Sergey Biryukov, Shawn Hooper, Simon Pollard, Simon Wheatley, skaeser, Slobodan Manic, socki03, solarissmoke, Stephane Daury, Stephen Edgar, Stephen Harris, Steve Grunwell, Sumit Singh, TacoVerdo, Takashi Irie, Takayuki Miyauchi, Tammie, Tareq Hasan, Taylor Lovett, Thorsten Frommen, Till Kruss, Tobias Schutter, TobiasBg, Toby McKes, Tom J Nowell, Tomas Mackevicius, TomHarrigan, Topher, Torsten Landsiedel, Tracy Levesque, transom, Travis Smith, Ty Carlson, Udit Desai, Umesh Kumar, Vinod Dalvi, vlajos, voldemortensen, Weston Ruter, Yoav Farhi, Yuta Sekine, Zack Rothauser, and Zack Tollman.

There were 283 contributors to this release, again a new high.

If you want to help out or follow along, check out Make WordPress and our core development blog.

Thanks for choosing WordPress. Happy holidays and see you next year for version 4.2!

WordPress 4.1 Release Candidate 3

Posted by John Blackbourn. Filed under Development, Releases.

The next release candidate for WordPress 4.1 is now available for testing.

Seventy changes have gone in since the first release candidate. With no known issues left, we plan to release 4.1 tomorrow, December 18.

To test, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip). If you’d like to learn more about what’s new in WordPress 4.1, visit the updated About screen in your dashboard ( → About in the toolbar) and also check out the Beta 1 post.

Plugin authors: Remember to test your plugins against 4.1, and if they’re compatible, make sure they are marked as tested up to 4.1. Be sure to follow along the core development blog; we’ve been posting notes for developers for 4.1 as always.

WordPress 4.1 Release Candidate

Posted December 11, 2014 by John Blackbourn. Filed under Releases.

The release candidate for WordPress 4.1 is now available.

We’ve made a lot of refinements over the last few weeks. RC means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.1 on Tuesday, December 16, but we need your help to get there. If you haven’t tested 4.1 yet, now is the time! (Please though, not on your live site unless you’re adventurous.)

Think you’ve found a bug? Please post to the Alpha/Beta support forum. If any known issues come up, you’ll be able to find them here.

To test WordPress 4.1 RC1, you can use the WordPress Beta Tester plugin or you can download the release candidate here (zip). If you’d like to learn more about what’s new in WordPress 4.1, visit the About screen in your dashboard ( → About in the toolbar) or check out the beta announcement.

Developers, please test your plugins and themes against WordPress 4.1 and update your plugin’s Tested up to version in the readme to 4.1 before next week. If you find compatibility problems, we never want to break things, so please be sure to post to the support forums so we can figure those out before the final release.

Be sure to follow along the core development blog, where we’ll continue to post notes for developers for 4.1. (For example: if you’ve written a child theme for Twenty Fifteen, some of the new pagination functions have been renamed for clarity.)

Testing four point one
Why are we up at this hour?
Code is poetry

WordPress 4.0.1 Security Release

Posted November 20, 2014 by Andrew Nacin. Filed under Releases, Security.

WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

Sites that support automatic background updates will be updated to WordPress 4.0.1 within the next few hours. If you are still on WordPress 3.9.2, 3.8.4, or 3.7.4, you will be updated to 3.9.3, 3.8.5, or 3.7.5 to keep everything secure. (We don’t support older versions, so please update to 4.0.1 for the latest and greatest.)

WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Jouko Pynnonen. This issue does not affect version 4.0, but version 4.0.1 does address these eight security issues:

  • Three cross-site scripting issues that a contributor or author could use to compromise a site. Discovered by Jon Cave, Robert Chapin, and John Blackbourn of the WordPress security team.
  • A cross-site request forgery that could be used to trick a user into changing their password.
  • An issue that could lead to a denial of service when passwords are checked. Reported by Javier Nieto Arevalo and Andres Rojas Guerrero.
  • Additional protections for server-side request forgery attacks when WordPress makes HTTP requests. Reported by Ben Bidner (vortfu).
  • An extremely unlikely hash collision could allow a user’s account to be compromised, though this also required that they hadn’t logged in since 2008 (I wish I were kidding). Reported by David Anderson.
  • WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address. Reported separately by Momen Bassel, Tanoy Bose, and Bojan Slavković of ManageWP.

Version 4.0.1 also fixes 23 bugs with 4.0, and we’ve made two hardening changes, including better validation of EXIF data we are extracting from uploaded photos. Reported by Chris Andrè Dale.

We appreciated the responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.

Download WordPress 4.0.1 or venture over to Dashboard → Updates and simply click “Update Now”.

Already testing WordPress 4.1? The second beta is now available (zip) and it contains these security fixes. For more on 4.1, see the beta 1 announcement post.

WordPress 4.1 Beta 1

Posted November 14, 2014 by John Blackbourn. Filed under Development, Releases.

Welcome, everyone, to WordPress 4.1 Beta 1!

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.1, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

WordPress 4.1 is due for release next month, so we need your help with testing. Here are some highlights of what to test:

  • Our beautiful new default theme, Twenty Fifteen. It’s a clean, mobile-first, blog-focused theme designed through simplicity.
  • A new distraction-free writing mode for the editor. It’s enabled by default for beta, and we’d love feedback on it.
  • The ability to automatically install new language packs right from the General Settings screen (available as long as your site’s filesystem is writable).
  • A new inline formatting toolbar for images embedded into posts.

There have been a lot of changes for developers to test as well:

If you want a more in-depth view of what changes have made it into 4.1, check out the weekly review posts on the main development blog.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed so far.

Happy testing!

Twenty Fifteen theme
The beautiful face which hides
Many improvements

Watch WordCamp San Francisco Livestream

Posted October 24, 2014 by Nikolay Bachiyski. Filed under Community, WordCamp.

WordCamp San Francisco is the official annual WordPress conference, gathering the community every year since 2006. This is the time when Matt Mullenweg addresses the community in his annual State of the Word presentation – a recap of the year in WordPress and a glimpse into its future.

This year the speaker lineup is stellar. There will be talks by three of the lead WordPress developers: Andrew Nacin, Helen Hou-Sandí, and Mark Jaquith. We’re also looking forward to speakers like Jenny Lawson, also known as The Bloggess, and Chris Lema. If you’re at all interested in the web, you will appreciate the appearance of Jeff Veen – one of the creators of Google Analytics and co-founder of Typekit.

Even though San Francisco is far far away for most of you, you can still be part of the fun and watch all presentations in real-time via livestream:

Get a livestream ticket and watch all talks from WordCamp San Francisco live

If you hurry, you can get one of the special livestream tickets, including a WordCamp San Francisco 2014 t-shirt. You can find all the technical details and start times at the WordCamp San Francisco website.

WordPress 4.0 “Benny”

Posted September 4, 2014 by Matt Mullenweg. Filed under Releases.

Version 4.0 of WordPress, named “Benny” in honor of jazz clarinetist and bandleader Benny Goodman, is available for download or update in your WordPress dashboard. While 4.0 is just another number for us after 3.9 and before 4.1, we feel we’ve put a little extra polish into it. This release brings you a smoother writing and management experience we think you’ll enjoy.


Manage your media with style

Explore your uploads in a beautiful, endless grid. A new details preview makes viewing and editing any amount of media in sequence a snap.


Working with embeds has never been easier

Paste in a YouTube URL on a new line, and watch it magically become an embedded video. Now try it with a tweet. Oh yeah — embedding has become a visual experience. The editor shows a true preview of your embedded content, saving you time and giving you confidence.

We’ve expanded the services supported by default, too — you can embed videos from CollegeHumor, playlists from YouTube, and talks from TED. Check out all of the embeds that WordPress supports.


Focus on your content

Writing and editing is smoother and more immersive with an editor that expands to fit your content as you write, and keeps the formatting tools available at all times.


Finding the right plugin


There are more than 30,000 free and open source plugins in the WordPress plugin directory. WordPress 4.0 makes it easier to find the right one for your needs, with new metrics, improved search, and a more visual browsing experience.


The Ensemble

This release was led by Helen Hou-Sandí, with the help of these fine individuals. There are 275 contributors with props in this release, a new high. Pull up some Benny Goodman on your music service of choice, as a bandleader or in one of his turns as a classical clarinetist, and check out some of their profiles:

Aaron D. Campbell, Aaron Jorbin, Adam Silverstein, Alex Mills (Viper007Bond), Alex Shiels, Alexander Rohmann, Alison Barrett, Allan Collins, Amit Gupta, Amy Hendrix (sabreuse), Andrea Fercia, Andres Villarreal, Andrew Mowe, Andrew Munro (sumobi), Andrew Nacin, Andrew Ozz, Andy Skelton, Ankit K Gupta, Anton Timmermans, arnee, Aubrey Portwood, Austin Matzko, Ben Dunkle, Bernhard Kau, Boone Gorges, Brady Vercher, Bram Duvigneau, Brandon Kraft, Brian Krogsgard, Brian Layman, Brian Richards, Camden Segal, Caroline Moore, Charles Fulton, Chouby, ChriCo, Chris Olbekson, chrisl27, Christian Axelsson, Christopher Finke, Christopher Spires, Clifton Griffin, Corey McKrill, Corphi, Daisuke Takahashi, Dan Griffiths, Daniel Bachhuber, Daniel Husken, Daniel Jalkut (Red Sweater), Danny de Haan, Darin Kotter, Daryl Koopersmith, Daryl L. L. Houston (dllh), David A. Kennedy, David Herrera, David Naber, DavidTheMachine, DeBAAT, Dion Hulse, Dominik Schilling, Donncha O Caoimh, Drew Jaynes, Dustyn Doyle, Eddie Moya, Eduardo Reveles, Edwin Siebel, ehg, Enrique Chavez, erayalakese, Eric Andrew Lewis, Eric Binnion, Eric Mann, Evan Anderson, Evan Herman, Fabien Quatravaux, Fahmi Adib, feedmeastraycat, Frank Klein, garhdez, Gary Cao, Gary Jones, Gary Pendergast, garza, gauravmittal1995, Gavrisimo, George Stephanis, Graham Armfield, Grant Mangham, Gregory Cornelius, Gustavo Bordoni, harrym, hebbet, Hinnerk Altenburg, Hugh Lashbrooke, iljoja, imath, Ipstenu (Mika Epstein), issuu, J.D. 
Grimes, Jack Lenox, Jack Reichert, Jacob Dubail, JanHenkG, Janneke Van Dorpe, Jared Wenerd, Jaza613, Jeff Stieler, Jeremy Felt, Jeremy Pry, Jeroen Schmit, Jerry Bates (jerrysarcastic), Jesin A, Jesper Johansen (jayjdk), Jesper van Engelen, Jesper van Engelen, Jesse Pollak, jgadbois, Joan Artes, Joe Dolson, Joe Hoyle, Joey Kudish, John Blackbourn, John James Jacoby, John Zanussi, Jon Cave, jonnyauk, Joost de Valk, Jordi Cabot, Josh Eaton, JOTAKI Taisuke, Julio Potier, Justin Sainton, Justin Sternberg, Justin Tadlock, K.Adam White, Kailey (trepmal), kapeels, Kelly Dwan, Kevin Langley, Kevin Worthington, Kim Parsell, Kirk Wight, kitchin, Kite, Knut Sparhell, Konstantin Kovshenin, Konstantin Obenland, Kurt Payne, Lance Willett, Lee Willis, lessbloat, Lew Ayotte, lritter, Luke Carbis, Luke Gedeon, m_i_n, Manny Fleurmond, Manuel Schmalstieg, Marius (Clorith), Mark Jaquith, Marko Heijnen, Matt Banks, Matt Martz, Matt Mullenweg, Matt Wiebe, Matthew Boynes, Matthew Denton, Matthew Eppelsheimer, Matthew Haines-Young, mattyrob, meekyhwang, Mel Choyce, Michael Adams (mdawaffe), michalzuber, midxcat, Mike Auteri, Mike Hansen, Mike Jolley, Mike Little, Mike Manger, Mike Nelson, Mike Schroder, Mikey Arce, Milan Dinic, Morgan Estes, Mr Papa, mrmist, Mustafa Uysal, MuViMoTV, nabil_kadimi, Namibia, Nashwan Doaqan, nd987, Neil Pie, Niall Kennedy, Nick Halsey, Nikolay Bachiyski, Nils Schonwald, Ninos, Nowell VanHoesen, Patrick Hesselberg, Paul Bearne, Paul Clark, Paul Schreiber, Paul Wilde, pavelevap, Peter Westwood, Philip Arthur Moore, Philip John, Piet Bos, Piotr Soluch, Pippin Williamson, purzlbaum, Rachel Baker, RC Lations, Richard Tape, Ricky Lee Whittemore, rob1n, Robert Chapin, Robert Dall, RobertHarm, Rohan Rawat, Rouven Hurling, Ruud Laan, Ryan Boren, Ryan McCue, Sam Brodie, Samuel Wood (Otto), Sathish Nagarajan, Scott Reilly, Scott Taylor, ScreenfeedFr, scribu, Sean Hayes, Sean Nessworthy, Sergej Muller, Sergey Biryukov, shanebp, Sharon Austin, Shaun Andrews, Simon Pollard, 
Simon Wheatley, Slobodan Manic, solarissmoke, sphoid, Stephane Daury, Stephen Edgar, Steven Jones, strangerstudios, Sumit Singh, t4k1s, Takashi Irie, Taylor Dewey, Thomas van der Beek, Till Kruss, Tim 'Eli' Dalbey, TobiasBg, Tom J Nowell, Tom Willmot, Topher, torresga, Tracy Levesque, Travis Smith, treyhunner, Umesh Kumar, Vinod Dalvi, vlajos, voldemortensen, Weston Ruter, winterDev, Wojtek Szkutnik, Yoav Farhi, Zack Katz, Zack Tollman, and Zoe Rooney. Also thanks to Michael Pick for producing the release video, and Helen with Adrián Sandí for the music.

If you want to follow along or help out, check out Make WordPress and our core development blog. Thanks for choosing WordPress. See you soon for version 4.1!

WordPress 4.0 Release Candidate

Posted August 27, 2014 by Helen Hou-Sandi. Filed under Development, Releases.

The first release candidate for WordPress 4.0 is now available!

In RC 1, we’ve made refinements to what we’ve been working on for this release. Check out the Beta 1 announcement post for more details on those features. We hope to ship WordPress 4.0 next week, but we need your help to get there. If you haven’t tested 4.0 yet, there’s no time like the present. (Please, not on a production site, unless you’re adventurous.)

Think you’ve found a bug? Please post to the Alpha/Beta area in the support forums. If any known issues come up, you’ll be able to find them here.

To test WordPress 4.0 RC1, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip). If you’d like to learn more about what’s new in WordPress 4.0, visit the awesome About screen in your dashboard ( → About in the toolbar).

Developers, please test your plugins and themes against WordPress 4.0 and update your plugin’s Tested up to version in the readme to 4.0 before next week. If you find compatibility problems, please be sure to post any issues to the support forums so we can figure those out before the final release. You also may want to give your plugin an icon, which we launched last week and will appear in the dashboard along with banners.

It is almost time
For the 4.0 release
And its awesomeness

WordPress 4.0 Beta 4

Posted August 15, 2014 by Helen Hou-Sandi. Filed under Development, Releases.

The fourth and likely final beta for WordPress 4.0 is now available. We’ve made more than 250 changes in the past month, including:

  • Further improvements to the editor scrolling experience, especially when it comes to the second column of boxes.
  • Better handling of small screens in the media library modals.
  • A separate bulk selection mode for the media library grid view.
  • Improvements to the installation language selector.
  • Visual tweaks to plugin details and customizer panels.

We need your help. We’re still aiming for a release this month, which means the next week will be critical for identifying and squashing bugs. If you’re just joining us, please see the Beta 1 announcement post for what to look out for.

If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums, where friendly moderators are standing by. Plugin developers, if you haven’t tested WordPress 4.0 yet, now is the time — and be sure to update the “tested up to” version for your plugins so they’re listed as compatible with 4.0.

This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.0, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).

We are working hard
To finish up 4.0
Will you help us too?

WordPress 3.9.2 Security Release

Posted August 6, 2014 by Andrew Nacin. Filed under Releases, Security.

WordPress 3.9.2 is now available as a security release for all previous versions. We strongly encourage you to update your sites immediately.

This release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. It was fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. This is the first time our two projects have coordinated joint security releases.

WordPress 3.9.2 also contains other security changes:

  • Fixes a possible but unlikely code execution when processing widgets (WordPress is not affected by default), discovered by Alex Concha of the WordPress security team.
  • Prevents information disclosure via XML entity attacks in the external GetID3 library, reported by Ivan Novikov of ONSec.
  • Adds protections against brute-force attacks against CSRF tokens, reported by David Tomaschik of the Google Security Team.
  • Contains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.

We appreciated responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.

Download WordPress 3.9.2 or venture over to Dashboard → Updates and simply click “Update Now”.

Sites that support automatic background updates will be updated to WordPress 3.9.2 within 12 hours. (If you are still on WordPress 3.8.3 or 3.7.3, you will also be updated to 3.8.4 or 3.7.4. We don’t support older versions, so please update to 3.9.2 for the latest and greatest.)

Already testing WordPress 4.0? The third beta is now available (zip) and it contains these security fixes.
