WordPress 3.5.1 is now out there. Model 3.5.1 is the primary upkeep launch of three.5, fixing 37 bugs. It’s also a safety launch for all earlier WordPress variations. For a full listing of modifications, seek the advice of the list of tickets and the changelog, which embrace:
- Editor: Forestall sure HTML parts from being unexpectedly eliminated or modified in uncommon instances.
- Media: Repair a set of minor workflow and compatibility points within the new media supervisor.
- Networks: Counsel correct rewrite guidelines when creating a brand new community.
- Forestall scheduled posts from being stripped of sure HTML, corresponding to video embeds, when they’re revealed.
- Suppress some warnings that might happen when a plugin misused the database or consumer APIs.
Moreover, a bug affecting Home windows servers working IIS can forestall updating from 3.5 to three.5.1. Should you obtain the error “Vacation spot listing for file streaming doesn’t exist or will not be writable,” you have to to follow the steps outlined on the Codex.
WordPress 3.5.1 additionally addresses the next safety points:
- A server-side request forgery vulnerability and distant port scanning utilizing pingbacks. This vulnerability, which may doubtlessly be used to reveal data and compromise a web site, impacts all earlier WordPress variations. This was fastened by the WordPress safety workforce. We’d prefer to thank safety researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
- Two cases of cross-site scripting through shortcodes and put up content material. These points had been found by Jon Cave of the WordPress safety workforce.
- A cross-site scripting vulnerability within the exterior library Plupload. Due to the Moxiecode workforce for working with us on this, and for releasing Plupload 1.5.5 to deal with this problem.
Download 3.5.1 or go to Dashboard → Updates in your web site admin to replace now.