WordPress 3.4.2 Security Update released

Martin Brinkmann
Sep 6, 2012

Most of the blogs that I own or administrate run a copy of the blogging script WordPress, and one common task is to take care of blog software and plugin updates. WordPress has just released an update that brings the version of WordPress to 3.4.2. This update is a maintenance and security update, which makes updates a pressing matter.

WordPress webmasters should receive update notifications in the admin dashboard from where they can run the update internally to install it in record time. Those who prefer to install updates manually can download the latest version from the WordPress project website.

WordPress 3.4.2 fixes several security related issues and on top of that includes additional security hardening efforts. The official changelog lists the following security related changes:

  • Fix unfiltered HTML capabilities in multisite.
  • Fix possible privilege escalation in the Atom Publishing Protocol endpoint.
  • Allow operations on network plugins only through the network admin.
  • Hardening: Simplify error messages when uploads fail.
  • Hardening: Validate a parameter passed to wp_get_object_terms().

As far as maintenance goes, a total of 18 different bugs are fixed in WordPress 3.4.2 of which the majority appear to address issues that only a minority of WordPress admins and users likely have come in contact with.

  • Fixes some issues in the admin area where some older browsers (IE7, in particular) may slow down, lag, or freeze.
  • Fixes an issue where a theme may not preview correctly, or its screenshot may not be displayed.
  • Fixes the use of multiple trackback URLs in a post.
  • Prevents improperly sized images from being uploaded as headers from the customizer.
  • Ensures proper error messages can be shown to PHP4 installs. (WordPress requires PHP 5.2.4 or later.)
  • Fixes handling of oEmbed providers that only return XML responses.
  • Addresses pagination problems with some category permalink structures.
  • Adds more fields to be returned from the XML-RPC wp.getPost method.
  • Avoids errors when updating automatically from very old versions of WordPress (pre-3.0).
  • Fixes problems with the visual editor when working with captions.

The security fixes and hardening are reason enough to update the blog as soon as possible to avoid issues that can arise if these are exploited in attacks.It is recommended to backup your blog first before you run the update to make sure that you have an option to restore it to the previous version if the need arises. While it is unlikely that you will have any issues with this update, it is still possible that this may happen. Happy updating.


Previous Post: «
Next Post: «


  1. Debbie said on October 28, 2012 at 8:35 pm

    I just upgraded to 3.4.2 and now my dashboard is no longer working. I can’t search or edit comments or do much of anything without getting errors. I got the following error when upgrading most of my plugins:
    Warning: Cannot modify header information – headers already sent by (output started at /home/youryoun/public_html/wp-includes/general-template.php:2099) in /home/youryoun/public_html/wp-includes/pluggable.php on line 881

    I had a backup done by hostgator before I started and I’m thinking I have to revert back. Does anyone know what is going on here? Please help.

    1. Debbie said on October 28, 2012 at 9:27 pm

      Well, after reading all the posts here and in other places, I deactivated almost all of my plugins, and my dashboard is now working. I am activating plugins one by one and testing to see where the problems come in. I suspect the ones that brought about those errors are the same that were causing the dashboard not to work.

    2. Martin Brinkmann said on October 28, 2012 at 8:40 pm

      This is likely due to an error in the copying of new files. I suggest you fire up your ftp program and transfer all the WordPress 3.4.2 files manually to the server.

  2. Jules Webber said on October 16, 2012 at 7:45 am

    I also experienced this issue and instead upload the files manually. My wordpress blog is now fully working. Thanks Martin!

  3. Allen said on September 8, 2012 at 1:33 am

    Anyone have an issue upgrading to WordPress 3.4.2? I tried and it just sits on the “. . .wp-admin/update-core.php?action=do-core-upgrade” page and does nothing.

    Now the site still works but all my dashboard links go to blank pages.

    Any ideas?

    1. Martin Brinkmann said on September 8, 2012 at 9:25 am

      Try manually updating the files instead, this should resolve the issue.

    2. Shane Gowland said on September 8, 2012 at 9:24 am

      You can usually fix broken upgrade errors by repeating the update manually. See: http://codex.wordpress.org/Updating_WordPress#Manual_Update

  4. Matias Aquino said on September 7, 2012 at 4:00 pm

    Same here Martin! First place I thought of to see what´s changed in this WP version was Ghacks! :)

  5. Beecher Bowers said on September 7, 2012 at 2:35 pm

    Hi Martin,
    Thanks for posting these synopses of WordPress updates when they are released. It’s a quick way to get an overview of what’s changed, and updated and why.

    1. Martin Brinkmann said on September 7, 2012 at 2:58 pm

      You are welcome. I always check up on new updates, and why not spread the word to help others out as well.

  6. Marius Lixandru said on September 7, 2012 at 9:05 am

    Hello, thank you for your article, i have installed an italian version of wordpress but now if i click update to the version 3.4.2 i have only one choice “english version”

    1. Martin Brinkmann said on September 7, 2012 at 9:12 am

      It usually takes some time before localized versions become available.

      1. Marius Lixandru said on September 7, 2012 at 11:58 am

        thank you for your reply Martin, i have download the last wordpress 3.4.2 version and was automatically localized in my italian language without do any action.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.