WordPress 3.1.4. has just been released and the developers refer to it as a security and maintenance upgrade. The new version fixes one known vulnerability that “could allow a malicious Editor-level user to gain further access to the site”. If you are running a single author blog you are safe from this.

I’d still recommend to update the blog as soon as possible because of security hardening additions to the blogging platform.

The update is as usually available as a direct download, install and update from within the WordPress admin interface, and as a separate download from the official WordPress website. I have updated a total of five blogs so far – including Ghacks Technology News – and encountered no problems or issues after the update. While it may be to early to tell, it is relatively safe to say that the update won’t break the blog.

WordPress admins who are interested in all changes in the WordPress 3.1.4 release find them listed on WordPress trac.

The developers have furthermore released the third and final release candidate of WordPress 3.2 which will be released in the near future. While I would not suggest to update a public blog to that version yet, it is clear that it won’t be long until the final version is released. Likely again before my bedtime.

You find additional information about the features and changes in WordPress 3.2 on the official beta announcement post over at the WordPress website.

Have you updated your blogs yet? If so, have you encountered any issues with this update?

The XSS vulnerability could be used to create comment author urls that would redirect the system administrator away from the blog’s website to another site to exploit the situation. WordPress webmasters are encouraged to update their blogs as soon as possible to patch the security vulnerability.

Updates are available directly from within the WordPress interface if the correct server login information are supplied or by updating the traditional way which would mean to download the WordPress release from the WordPress website, upload it to the web server and run the upgrade command manually. The release information should also be displayed prominently in the WordPress admin interface with a link to the automatic update script of WordPress.

Some changes that WordPress admins will notice right away are speed improvements in the admin interface and the ability to change more aspects of the layout than before. WordPress will for instance automatically adjust the layout according to the screen size of the web browser window with options to change the amount of columns and what is being displayed on the screen.

It is now possible to remove or add information when viewing posts, pages or comments in the admin interface with the additional option to change the number of items that are displayed on the screen. It is now therefor possible to change the default number of comments that are displayed on screen which could have been achieved before only by hacking system files.

Other improvements include a new theme installer which allows the webmaster to search for and install themes right from the WordPress admin interface without leaving the website. This is a similar feature to the automatic plugin installation that was added in earlier versions.

The WordPress Codex contains a list of all changes and additions that have been added to WordPress 2.8. The new version can be downloaded from the main WordPress site.