WordPress 3.3.2 Maintenance and Security Update Released
The WordPress development team has just released version 3.3.2 of the blogging platform. WordPress 3.3.2 is a security and maintenance release that WordPress webmasters and administrators should install on their blogs as soon as possible.
WordPress updates are as usually announced in the admin dashboard of the WordPress installation. Webmasters can run the update from there automatically if they have the proper permissions to run the platform update on the web server. Webmasters who do not have the permissions to do just that, need to update the blog to the new WordPress version manually by uploading the WordPress files to the server manually, and running the updating script afterwards (by running /wp-admin/upgrade.php in the web browser).
Webmasters who do not see the update notifications right now, need to click on Dashboard > Updates to check for newer versions manually. This should pick up the new version then.
The summary on the WordPress Codex website reveals the security updates that have made their way in WordPress 3.3.2:
- Plupload (version 1.5.4), which WordPress uses for uploading media.
- SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
- SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.
- Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances.
- Cross-site scripting vulnerability when making URLs clickable.
- Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs
Five other non-security related bugs were also fixed in this version of WordPress. All WordPress 3.3.2 changes are listed in the full change log which can be accessed here.
The update should not break a site's theme or plugins, as it is not making changes to WordPress core features or technologies. It is still recommended to create a backup of the blog and database before you apply the update.Advertisement
Did they fix the mess of Mac OSX Flashfake trojan where as many as 100,000 WordPress blogs infected 700,000 Macs with the malware ?
I installed the 3.3.2 update today, and none of my buddypress links work.. i.e. groups, forums, posts, members, profiles.. none of them… what could be causing this?
Update: i was able to relieve the problem by disabling a plugin called “role scoper” and re-enabling it. it appears to be still causing errors elsewhere so i have totally disabled the plugin completely to restore functionality back to my website. Sux cuz a lot of my pages rely on it. it worked fine until i upgraded to the new wordpress ver 3.3.2. also, i noticed that when uploading an avatar to groups, it does alot of weird stuff during the cropping phase. it could be an issue just with my installation, but i felt it at least worth mentioning.
That sounds like a big issue, have you checked the support forums to see if there are other BuddyPress users affected by this?
It does not affect plugins and themes? I have my doubts. I don’t use buddypress but I don’t want to risk right now. Let those who have updated tell us what it is like. Any bugs?
Well the changes should not affect themes or plugins, but it seems that some webmasters are still running into issues. I have updated about 30 blogs and not a single update has caused issues.