WordPress 3.3.2 is accessible now and is a safety replace for all earlier variations.
Three exterior libraries included in WordPress obtained safety updates:
- Plupload (model 1.5.4), which WordPress makes use of for importing media.
- SWFUpload, which WordPress beforehand used for importing media, and should be in use by plugins.
- SWFObject, which WordPress beforehand used to embed Flash content material, and should be in use by plugins and themes.
WordPress 3.3.2 additionally addresses:
- Restricted privilege escalation the place a web site administrator may deactivate network-wide plugins when operating a WordPress community beneath explicit circumstances, disclosed by Jon Cave of our WordPress core safety workforce, and Adam Backstrom.
- Cross-site scripting vulnerability when making URLs clickable, by Jon Cave.
- Cross-site scripting vulnerabilities in redirects after posting feedback in older browsers, and when filtering URLs. Due to Mauro Gentile for responsibly disclosing these points to the safety workforce.
These points had been mounted by the WordPress core safety workforce. 5 different bugs had been additionally mounted in model 3.3.2. Seek the advice of the change log for extra particulars.
Download WordPress 3.3.2 or replace now from the Dashboard → Updates menu in your web site’s admin space.
WordPress 3.4 Beta 3 additionally accessible
Our improvement of WordPress 3.4 improvement continues. In the present day we’re proud to launch Beta 3 for testing. Nearly 90 changes have been made since Beta 2, launched 9 days in the past. (We’re aiming for a beta each week.)
That is nonetheless beta software program, so we don’t advocate that you simply apply it to manufacturing websites. However if you happen to’re a plugin developer, a theme developer, or a web site administrator, you have to be operating this in your check environments and reporting any bugs you discover. (See the known issues here.) In the event you’re a WordPress consumer who desires to open your presents early, make the most of WordPress’s well-known 5-minute set up and spin up a secondary check web site. Let us know what you think!