WordPress 3.5.1 was released on January 24, 2013 and is a maintenance and security update which addresses 37 bugs with version 3.5, which include:
- Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
- Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
- Networks: Suggest proper rewrite rules when creating a new network.
- Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
- Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail.
- Suppress some warnings that could occur when a plugin misused the database or user APIs.
The security issues addressed include:
- A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team.
- Two instances of cross-site scripting via shortcodes and post content.
- A cross-site scripting vulnerability in the external library Plupload.
As always, we highly recommend that you keep your WordPress installation, WordPress themes and WordPress plugins up to date to ensure that you’re running the most secure and feature rich version of WordPress.
If you need assistance with upgrading, please schedule your WordPress upgrade today via our WordSprung WordPress Upgrade Service.
Anyone who is already subscribed to one of our upgrade packages has already been upgraded to WordPress 3.5.1. If you’d like to make sure your site is always up to date, please check out out WordSprung WordPress Maintenance Packages.