WordPress 3.9.2 is currently readily available as a safety and security launch for all previous variations. We highly motivate you to upgrade your websites promptly.
This launch solutions a feasible rejection of solution concern in PHP’s XML handling, reported by Nir Goldshlager of the Salesforce.com Item Safety And Security Group. It was taken care of by Michael Adams as well as Andrew Nacin of the WordPress safety and security group as well as David Rothstein of theDrupal security team This is the very first time our 2 jobs have actually worked with joint safety and security launches.
WordPress 3.9.2 additionally includes various other safety and security adjustments:
- Repairs a feasible yet not likely code implementation when refining widgets (WordPress is not influenced by default), found by Alex Concha of the WordPress safety and security group.
- Protects against details disclosure through XML entity assaults in the outside GetID3 collection, reported by Ivan Novikov of ONSec.
- Includes defenses versus brute assaults versus CSRF symbols, reported by David Tomaschik of the Google Safety And Security Group.
- Has some extra safety and security solidifying, like avoiding cross-site scripting that can be caused just by managers.
Download WordPress 3.9.2 or endeavor over to Control Panel → Updates as well as merely click “Update Now”.
Websites that sustain automated history updates will certainly be upgraded to WordPress 3.9.2 within 12 hrs. (If you are still on WordPress 3.8.3 or 3.7.3, you will certainly additionally be upgraded to 3.8.4 or 3.7.4. We do not sustain older variations, so please upgrade to 3.9.2 for the most up to date as well as best.)
Currently examining WordPress 4.0? The 3rd beta is now available (zip) as well as it includes these safety and security solutions.