WordPress 3.3.2 Maintenance and Security Update Released
The WordPress development team has just released version 3.3.2 of the blogging platform. WordPress 3.3.2 is a security and maintenance release that WordPress webmasters and administrators should install on their blogs as soon as possible.
WordPress updates are as usually announced in the admin dashboard of the WordPress installation. Webmasters can run the update from there automatically if they have the proper permissions to run the platform update on the web server. Webmasters who do not have the permissions to do just that, need to update the blog to the new WordPress version manually by uploading the WordPress files to the server manually, and running the updating script afterwards (by running /wp-admin/upgrade.php in the web browser).
Webmasters who do not see the update notifications right now, need to click on Dashboard > Updates to check for newer versions manually. This should pick up the new version then.
The summary on the WordPress Codex website reveals the security updates that have made their way in WordPress 3.3.2:
- Plupload (version 1.5.4), which WordPress uses for uploading media.
- SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
- SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.
- Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances.
- Cross-site scripting vulnerability when making URLs clickable.
- Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs
Five other non-security related bugs were also fixed in this version of WordPress. All WordPress 3.3.2 changes are listed in the full change log which can be accessed here.
The update should not break a site's theme or plugins, as it is not making changes to WordPress core features or technologies. It is still recommended to create a backup of the blog and database before you apply the update.Advertisement