September 3, 2014

WordPress 3.9.2 Security Release: UPGRADE NOW

WordPress 3.9.2 is now available as a security release for all previous versions. We strongly encourage you to update your sites immediately.

This release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. It was fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. This is the first time the two projects have coordinated joint security releases.

WordPress 3.9.2 also contains other security changes:

  • Fixes a possible but unlikely code execution when processing widgets (WordPress is not affected by default), discovered by Alex Concha of the WordPress security team.
  • Prevents information disclosure via XML entity attacks in the external GetID3 library, reported by Ivan Novikov of ONSec.
  • Adds protections against brute-force attacks against CSRF tokens, reported by David Tomaschik of the Google Security Team.
  • Contains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.

For more information, see the release notes or consult the list of changes.

Download WordPress 3.9.2 or venture over to Dashboard → Updates and simply click “Update Now”.

Sites that support automatic background updates will be updated to WordPress 3.9.2 within 12 hours. (If you are still on WordPress 3.8.3 or 3.7.3, you will also be updated to 3.8.4 or 3.7.4. Older WordPress versions are not supported, so please update to 3.9.2.)

As always, we highly recommend that you keep your WordPress installation, WordPress themes and WordPress plugins up to date to ensure that you’re running the most secure and feature-rich version of WordPress.

If you need assistance with upgrading, please schedule your WordPress upgrade today via our WordPress Upgrade Service.

Anyone who is already subscribed to one of our upgrade packages has already been upgraded to WordPress 3.9.2. If you’d like to make sure your site is always up to date, please check out our WordPress Maintenance Packages.

OIOpublisher Coupon Code for August 2014

We have a new OIOpublisher coupon code for August 2014. Now through August 31st, 2014 you can purchase OIOpublisher* for just $37 (normally $47) by using coupon code “HOT14-WSHED” (no quotes).

If you’re unfamiliar with OIOpublisher, it is a PHP-based ad platform with a focus on performance, control and ease of use. It allows you to easily serve advertising on your blog or website and keep 100% of the revenue you bring in. For those of you using WordPress, it includes a plugin that allows for easy integration. And if you need consulting help setting it up, please contact us.


WordPress 3.6.1 Released September 11, 2013

WordPress version 3.6.1 was released on September 11, 2013 and is a maintenance release that fixes 13 bugs in version 3.6.

WordPress 3.6.1 is also a security release for all previous WordPress versions and we strongly encourage you to update your sites immediately. It addresses three issues fixed by the WordPress security team:

  • Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution.
  • Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user.
  • Fix insufficient input validation that could result in redirecting or leading a user to another website.

Additionally, they’ve adjusted security restrictions around file uploads to mitigate the potential for cross-site scripting.

As always, we highly recommend that you keep your WordPress installation, WordPress themes and WordPress plugins up to date to ensure that you’re running the most secure and feature-rich version of WordPress.

If you need assistance with upgrading, please schedule your WordPress upgrade today via our WordSprung WordPress Upgrade Service.

Anyone who is already subscribed to one of our upgrade packages has already been upgraded to WordPress 3.6.1. If you’d like to make sure your site is always up to date, please check out our WordSprung WordPress Maintenance Packages.

WordPress 3.6

WordPress 3.6, “Oscar”, was released on August 1, 2013 and is a major release that includes a beautiful new blog-centric theme, bullet-proof autosave and post locking, a revamped revision browser, native support for audio and video embeds, and improved integrations with Spotify, Rdio, and SoundCloud.

User Features

  • The new Twenty Thirteen theme inspired by modern art puts focus on your content with a colorful, single-column design made for media-rich blogging.
  • Revamped Revisions save every change and the new interface allows you to scroll easily through changes to see line-by-line who changed what and when.
  • Post Locking and Augmented Autosave will especially be a boon to sites where more than a single author is working on a post. Each author now has their own autosave stream, which stores things locally as well as on the server (so much harder to lose something) and there’s an interface for taking over editing of a post, as demonstrated beautifully by our bearded buddies in the video above.
  • Built-in HTML5 media player for native audio and video embeds with no reliance on external services.
  • The Menu Editor is now much easier to understand and use.

Developer features

  • A new audio/video API gives you access to metadata like ID3 tags.
  • You can now choose HTML5 markup for things like comment and search forms, and comment lists.
  • Better filters for how revisions work, so you can store a different amount of history for different post types.
  • Tons more listed on the Codex, and of course you can always browse the over 700 closed tickets.

As always, we highly recommend that you keep your WordPress installation, WordPress themes and WordPress plugins up to date to ensure that you’re running the most secure and feature-rich version of WordPress.

If you need assistance with upgrading, please schedule your WordPress upgrade today via our WordSprung WordPress Upgrade Service.

Anyone who is already subscribed to one of our upgrade packages has already been upgraded to WordPress 3.5. If you’d like to make sure your site is always up to date, please check out our WordSprung WordPress Maintenance Packages.

OIOpublisher Coupon Code for August 2013

Now through August 31st, 2013 you can purchase OIOpublisher* for just $37 (normally $47) by using coupon code “RAINBOW-WSHED” (no quotes).

If you’re unfamiliar with OIOpublisher, it is a PHP-based ad platform with a focus on performance, control and ease of use. It allows you to easily serve advertising on your blog or website and keep 100% of the revenue you bring in. For those of you using WordPress, it includes a plugin that allows for easy integration. And if you need consulting help setting it up, please contact us.
