WordPress 3.9.2 is now available as a security release for all previous versions. We strongly encourage you to update your sites immediately.
This release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. It was fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. This is the first time our two projects have coordinated joint security releases.
WordPress 3.9.2 also contains other security changes:
- Fixes a possible but unlikely code execution when processing widgets (WordPress is not affected by default), discovered by Alex Concha of the WordPress security team.
- Prevents information disclosure via XML entity attacks in the external GetID3 library, reported by Ivan Novikov of ONSec.
- Adds protections against brute attacks against CSRF tokens, reported by David Tomaschik of the Google Security Team.
- Contains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.
Download WordPress 3.9.2 or venture over to Dashboard → Updates and simply click “Update Now”.
Sites that support automatic background updates will be updated to WordPress 3.9.2 within 12 hours. (If you are still on WordPress 3.8.3 or 3.7.3, you will also be updated to 3.8.4 or 3.7.4. We do not support older versions, so please update to 3.9.2 for the latest and greatest.)
Already testing WordPress 4.0? The third beta is now available (zip) and it contains these security fixes.