{"id":478,"date":"2014-08-07T08:49:52","date_gmt":"2014-08-07T00:49:52","guid":{"rendered":"http:\/\/lesterchan.net\/wordpress\/?p=478"},"modified":"2014-08-07T08:51:12","modified_gmt":"2014-08-07T00:51:12","slug":"wordpress-3-9-2","status":"publish","type":"post","link":"https:\/\/lesterchan.net\/wordpress\/2014\/08\/07\/wordpress-3-9-2\/","title":{"rendered":"WordPress 3.9.2"},"content":{"rendered":"<p><a href=\"http:\/\/wordpress.org\/news\/2014\/08\/wordpress-3-9-2\/\">WordPress 3.9.2<\/a> has been released and it is a security release and hence it is recommended that you update your site immediately.<\/p>\n<blockquote>\n<p>This release fixes a possible denial of service issue in PHP\u2019s XML processing, reported by <a href=\"https:\/\/twitter.com\/nirgoldshlager\">Nir Goldshlager<\/a> of the Salesforce.com Product Security Team. It&nbsp;&nbsp;was fixed by Michael Adams and Andrew Nacin of the WordPress security team and&nbsp;David Rothstein of the <a href=\"https:\/\/www.drupal.org\/SA-CORE-2014-004\">Drupal security team<\/a>. This is the first time our two projects have coordinated on joint security releases.<\/p>\n<p>WordPress 3.9.2 also contains other security changes:<\/p>\n<ul>\n<li>Fixes a possible but unlikely code execution when processing widgets (WordPress is not affected by default), discovered by <a href=\"http:\/\/www.buayacorp.com\/\">Alex Concha<\/a> of the WordPress security team.<\/li>\n<li>Prevents information disclosure via XML entity attacks in the external GetID3 library, reported by <a href=\"http:\/\/onsec.ru\/en\/\">Ivan Novikov<\/a>&nbsp;of ONSec.<\/li>\n<li>Adds protections against brute attacks against CSRF tokens, reported by <a href=\"http:\/\/systemoverlord.com\/\">David Tomaschik<\/a> of the Google Security Team.<\/li>\n<li>Contains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.<\/li>\n<\/ul>\n<p>We appreciated responsible disclosure of these issues directly to our security team. For more information, see the <a href=\"http:\/\/codex.wordpress.org\/Version_3.9.2\">release notes<\/a> or consult the <a href=\"https:\/\/core.trac.wordpress.org\/log\/branches\/3.9?stop_rev=29383&amp;rev=29411\">list of changes<\/a>.<\/p>\n<\/blockquote>\n<p>Download <a href=\"https:\/\/wordpress.org\/download\/\">WordPress 3.9.2<\/a> now or go to <strong>Dashboard -> Updates<\/strong> and click &#8220;Update Now&#8221;.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>WordPress 3.9.2 has been released and it is a security release and hence it is recommended that you update your site immediately. This release fixes a possible denial of service issue in PHP\u2019s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. It&nbsp;&nbsp;was fixed by Michael Adams and Andrew Nacin of the &hellip; <a href=\"https:\/\/lesterchan.net\/wordpress\/2014\/08\/07\/wordpress-3-9-2\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;WordPress 3.9.2&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19],"tags":[147,28],"class_list":["post-478","post","type-post","status-publish","format-standard","hentry","category-wordpress","tag-3-9","tag-release"],"views":8167,"_links":{"self":[{"href":"https:\/\/lesterchan.net\/wordpress\/wp-json\/wp\/v2\/posts\/478","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lesterchan.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lesterchan.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lesterchan.net\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lesterchan.net\/wordpress\/wp-json\/wp\/v2\/comments?post=478"}],"version-history":[{"count":0,"href":"https:\/\/lesterchan.net\/wordpress\/wp-json\/wp\/v2\/posts\/478\/revisions"}],"wp:attachment":[{"href":"https:\/\/lesterchan.net\/wordpress\/wp-json\/wp\/v2\/media?parent=478"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lesterchan.net\/wordpress\/wp-json\/wp\/v2\/categories?post=478"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lesterchan.net\/wordpress\/wp-json\/wp\/v2\/tags?post=478"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}