WordPress 3.5.1 Security and Maintenance update - gHacks Tech News


WordPress is our blogging platform of choice, so it is only natural that we mention updates to the platform here on the site. WordPress 3.5.1 was released today, a security and maintenance update that should be installed as soon as possible on all live sites running WordPress.

According to the blog post over at the official WordPress blog, 37 bugs were fixed in this release including four security issues and a couple of stability related issues.

The following security issues have been fixed in WordPress 3.5.1:

  • Misuse of pingbacks for remote port scanning, and a server-side request forgery vulnerability which could lead to information exposure and site compromise.
  • Two cross-site scripting issues via shortcodes and post content.
  • Another cross-site scripting vulnerability in the Plupload library.

The remaining updates and fixes address an assortment of issues, two of which have received a high rating. One fixes an issue where link tags are stripped from the editor in WordPress 3.5; the other fixes scheduled posts triggering non-unfiltered HTML filters. As a result of the latter, some tags, such as embedded video content, may have been filtered out, which kept them from being displayed properly on the site's frontend.


Webmasters can update their sites from within the admin dashboard if the site has been configured to be updated this way. If that is not the case or not desired, the latest version can be downloaded from the official WordPress website and installed manually on the server.

The developers note that a bug may prevent WordPress updates from being applied on Windows servers running IIS. A codex page has been created to address the issue and help server admins apply the update on those servers as well. Options include installing a hotfix or adding a single line of code to the wp-config.php file.
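To find which installs on a server still need this update, the following added example (not code from WordPress or from this article) walks a web root and flags every WordPress tree older than 3.5.1. It assumes the standard layout in which `wp-includes/version.php` sets `$wp_version`; the function names and status labels are made up for this sketch.

```python
import re
import sys
from pathlib import Path

FIXED = (3, 5, 1)  # release the article says carries the security fixes

# wp-includes/version.php defines the running version as: $wp_version = '3.5';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]""", re.M)

def parse_version(php_source):
    """Return the $wp_version string found in version.php source, or None."""
    match = VERSION_RE.search(php_source)
    return match.group(1) if match else None

def version_key(version):
    """Map '3.5', '3.5.1' or '3.6-alpha-23334' to a sortable tuple.
    Missing components count as 0; a suffixed build sorts before the final release."""
    match = re.match(r"(\d+(?:\.\d+){0,2})(.*)$", version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    numbers = [int(part) for part in match.group(1).split(".")]
    numbers += [0] * (3 - len(numbers))
    return (*numbers, 0 if match.group(2) else 1)

def needs_update(version):
    """True when the version predates the final 3.5.1 release."""
    return version_key(version) < (*FIXED, 1)

def audit(web_root):
    """Return sorted (install_dir, version, status) for WordPress trees under web_root."""
    results = []
    for path in Path(web_root).rglob("version.php"):
        if path.parent.name != "wp-includes":
            continue  # some other project's version.php
        version = parse_version(path.read_text(errors="replace"))
        if version is None:
            status = "unknown"  # file present but no parsable $wp_version
        else:
            status = "outdated" if needs_update(version) else "ok"
        results.append((str(path.parent.parent), version, status))
    return sorted(results)

if __name__ == "__main__":
    for install, version, status in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:8} {version or '?':16} {install}")
```

Run it with the web root as its only argument; installs reported as `unknown` need a manual look.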





    Comments

    1. Karl Gephart said on January 25, 2013 at 9:53 am

      I hope (but why do I doubt?) that it will fix my apparent 3.5 issue of stripping out and on posts that are scheduled (not published live). Keeps all my CSS in between those tags. Really annoying. Don’t like inline or external CSS for posts. I’ll soon see if the embedded is fixed.

      1. Martin Brinkmann said on January 25, 2013 at 9:56 am

        Good luck with that.

    2. IT Rush said on January 25, 2013 at 4:11 pm

      Haven’t visited my wpadmin yet, thanks for mentioning it.. Checking it now and hope to update to the latest version without any problem.

      Thanks,
      Nhick

    3. Robert said on February 6, 2013 at 5:02 am

      Thank you for informing this crucial update :) Will upgrade my WordPress sites immediately
