WordPress 3.5.1 Security and Maintenance update
WordPress is our blogging platform of choice and it is only natural that we mention updates that are being made to the platform here on the site. Today WordPress 3.5.1 was released, a security and maintenance related update that is recommended to be installed as soon as possible on all live sites running on WordPress.
According to the blog post over at the official WordPress blog, 37 bugs were fixed in this release including four security issues and a couple of stability related issues.
As far as security goes, the following security issues have been fixed in WordPress 3.5.1.
- Misuse of pingbacks for remote port scanning and a server side request forgery vulnerability which could lead to information exposure and site compromising.
- Two cross-side scrippting issues via shortcodes and post content.
- Another cross-site scripting vulnerability in the Plupload library
The remaining updates and fixes address an assortment of issues of which two have received a high rating. One fixes an issue where link tags are getting stripped from the editor in WordPress 3.5, the other that scheduled posts trigger non-unfiltered html filters. The issue here is that some tags, like embedded video contents, may have been filtered out which broke them from being displayed properly on the site's frontend.
Webmasters can update their sites from within the admin dashboard if the site has been properly configured to be updated this way. If this is not the case or desired, it is alternatively possible to download the latest version from the official WordPress website to install it manually on the server.
The developers note that a bug may prevent WordPress updates on Windows server running IIS from being applied. A codex page has been created to address the issue and help server admins apply the update on Windows Servers running IIS as well. Options include installing a hotfix or adding a single line of code to the wp-config.php file.
AdvertisementWe need your help
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Previous Post: « Give your website a thorough security scan with Detectify
Next Post: Scan websites for Internet Explorer 10 compatibility »
I hope (but why do I doubt?) that it will fix my apparent 3.5 issue of stripping out and on posts that are scheduled (not published live). Keeps all my CSS in between those tags. Really annoying. Don’t like inline or external CSS for posts. I’ll soon see if the embedded is fixed.
Good luck with that.
Haven’t visited my wpadmin yet, thanks for mentioning it.. Checking it now and hope to update to the latest version without any problem.
Thanks,
Nhick
Thank you for informing this crucial update :) Will upgrade my WordPress sites immediately