WordPress 3.3.1 Security Update Available
A new version of the popular blogging software WordPress has just been released. WordPress admins should already see update notifications in the dashboards of the blogs that they administrate. The update is also already advertised on the official WordPress website.
It is as usually possible to update the blog right away from within the admin dashboard if it has been configured for that, or via file transfer clients if the former option is not available.
The blog post that announces the new version of WordPress mentions 15 maintenance related fixes and one security related fix that have been applied to the new version. It fails to go into detail but links to the bug tracker listing which details every fix except for the security issue.
At least one of the issues that have been fixed in WordPress 3.3.1 seem to have affected this site. I was recently noticing issues with the author biographies not being displayed anymore on article pages, and it took a whole day to find a working workaround. It appears now that this was a bug that got fixed with this new WordPress release.
The security vulnerability is only briefly mentioned in the blog post where it is described as a cross-site scripting vulnerability that is affecting WordPress version 3.3.
The WordPress Codex lists all files that have been revised in the new version. It is theoretically possible to only upload those files to the site to save time and bandwidth.
I have already updated several WordPress sites to version 3.3.1 and did not notice any odd behavior or issues with the updating or site operation.
WordPress admins are encouraged to update their blogs as soon as possible to protect it from the security vulnerability and to resolve the stability issues that have been fixed with the update.Advertisement