WordPress 3.5.2 has been released and this is a security fix which fixes 12 bugs including the following security issues:
- Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
- Disallow contributors from improperly publishing posts, reported by Konstantin Kovshenin, or reassigning the post’s authorship, reported by Luke Bryan.
- An update to the SWFUpload external library to fix cross-site scripting vulnerabilities. Reported by mala and Szymon Gruszecki.
- Prevention of a denial of service attack, affecting sites using password-protected posts.
- An update to an external TinyMCE library to fix a cross-site scripting vulnerability. Reported by Wan Ikram.
- Multiple fixes for cross-site scripting. Reported by Andrea Santese and Rodrigo.
- Avoid disclosing a full file path when a upload fails. Reported by Jakub Galczyk.
You ae advised to upgrade immediately.
Download: WordPress 3.5.2 or visit Dashboard -> Updates in your site admin to update now.
WordPress 3.5 is out after 6 RCs!
If you’ve been around WordPress a while, the most dramatic new change you’ll notice is a completely re-imagined flow for uploading photos and creating galleries. Media has long been a friction point and we’ve listened hard and given a lot of thought into crafting this new system. 3.5 includes a new default theme, Twenty Twelve, which has a very clean mobile-first responsive design and works fantastic as a base for a CMS site. Finally we’ve spent a lot of time refreshing the styles of the dashboard, updating everything to be Retina-ready with beautiful high resolution graphics, a new color picker, and streamlining a couple of fewer-used sections of the admin.
Codex: WordPress 3.5
Download: WordPress 3.5
WordPress 3.4.2 has been release and it is both a maintenance release that fixes 21 bugs and security release that fixes vulnerabilities that includes potential privilege escalation and a bug that affects multisite installs with untrusted users.
Some of the 21 bugs include:
- Fix some issues with older browsers in the administration area.
- Fix an issue where a theme may not preview correctly, or its screenshot may not be displayed.
- Improve plugin compatibility with the visual editor.
- Address pagination problems with some category permalink structures.
- Avoid errors with both oEmbed providers and trackbacks.
- Prevent improperly sized header images from being uploaded.
Version 3.4.2 also fixes a few security issues and contains some security hardening. The vulnerabilities included potential privilege escalation and a bug that affects multisite installs with untrusted users. These issues were discovered and fixed by the WordPress security team.
Download: WordPress 3.4.2
Auto Update: Dashboard -> Updates
WordPress 3.4.1 has been release and it is both a maintenance release that fixes 18 bugs and security release that fixes vulnerabilities that relates to multisite installs with untrusted users.
Some of the 18 bugs include:
- Fixes an issue where a theme’s page templates were sometimes not detected.
- Addresses problems with some category permalink structures.
- Adds early support for uploading images on iOS 6 devices.
- Allows for a technique commonly used by plugins to detect a network-wide activation.
- Better compatibility with servers running certain versions of PHP (5.2.4, 5.4) or with uncommon setups (safe mode, open_basedir), which had caused warnings or in some cases prevented emails from being sent.
Version 3.4.1 also fixes a few security issues and contains some security hardening. The vulnerabilities included potential information disclosure as well as an bug that affects multisite installs with untrusted users. These issues were discovered and fixed by the WordPress security team.
Download: WordPress 3.4.1
Auto Update: Dashboard -> Updates
WordPress 3.4 has been released.
The biggest change in 3.4 is the theme customizer which allows you to play around with various looks and settings for your current theme or one you’re thinking about switching to without publishing those changes to the whole world. For themes that support it, you can change colors, backgrounds, and of course custom image headers. We have more planned for the customizer down the road.
Throughout the rest of the admin you’ll notice tweaks to make your everyday life easier. For example, if you have lots of themes we’ve made it quicker to browse them all at once without paging. We’ve made it possible to use images from your media library to populate custom headers, and for you to choose the height and width of your header images.
We’ve expanded our embed support to include tweets: just put a Twitter permalink on its own line in the post editor and we’ll turn it into a beautiful embedded Tweet. And finally, image captions have been improved to allow HTML, like links, in them.
There are hundreds of under-the-hood improvements in this release, notably in the XML-RPC, themes, and custom header APIs, and significant performance improvements in WP_Query and the translation system. The Codex has a pretty good summary of the developer features, and you can always dive into Trac directly.
Download: WordPress 3.4
PS: My plugins should work with WordPress 3.4, if you discovered any bug, just drop me an email, lesterchan AT gmail.