WordPress 3.1.3 has been released and it contains security fixes and enhancements.
- Various security hardening by Alexander Concha.
- Taxonomy query hardening by John Lamansky.
- Prevent sniffing out user names of non-authors by using canonical redirects. Props Verónica Valeros.
- Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research.
- Improves file upload security on hosts with dangerous security settings.
- Cleans up old WordPress import files if the import does not finish.
- Introduce “clickjacking” protection in modern browsers on admin and login pages.
Changelog: WordPress 3.1.3
Download: WordPress 3.1.3
Download: Modified files since WordPress 3.1.2
I have released WP-DBManager 2.62.
- Added Auto Repair functionality via WP Cron, similar to the current implementation of Backing Up & Optimizing DB
- Added nonce to all forms for added security
get_option('blogname') and make it goes through
- Ported the readme.html to readme.txt
Finally, Props to Joakim Jardenberg, Jonas Nordström and Andreas Viklund for finding and reporting the previous security vulnerability.
Download: WP-DBManager 2.62
WP-DBManager 2.61 has been released and it fixes a security vulnerability that allows a user to download your wp-config.php. If you do not use the default backup folder path, you are not affected by this.
However, most users are affected and it is recommended that you upgrade WP-DBManager to 2.61.
WP-DBManager 2.62 will be out on Tuesday with added nonce security and auto-repair functionality.
Sorry for any inconvenience caused.
Download: WP-DBManager 2.61