WordPress 3.1.3 [1] has been released and it contains security fixes and enhancements.
- Various security hardening by Alexander Concha [2].
- Taxonomy query hardening by John Lamansky [3].
- Prevent sniffing out user names of non-authors by using canonical redirects. Props VerĂ³nica Valeros [4].
- Media security fixes by Richard Lundeen of Microsoft [5], Jesse Ou of Microsoft [5], and Microsoft Vulnerability Research [6].
- Improves file upload security on hosts with dangerous security settings.
- Cleans up old WordPress import files if the import does not finish.
- Introduce “clickjacking” protection in modern browsers on admin and login pages.
Changelog: WordPress 3.1.3 [7]
Download: WordPress 3.1.3 [8]
Download: Modified files since WordPress 3.1.2 [9]