WordPress 3.5.1 Security and Maintenance update

Martin Brinkmann
Jan 25, 2013
Development
|
4

WordPress is our blogging platform of choice and it is only natural that we mention updates that are being made to the platform here on the site. Today WordPress 3.5.1 was released, a security and maintenance related update that is recommended to be installed as soon as possible on all live sites running on WordPress.

According to the blog post over at the official WordPress blog, 37 bugs were fixed in this release including four security issues and a couple of stability related issues.

As far as security goes, the following security issues have been fixed in WordPress 3.5.1.

  • Misuse of pingbacks for remote port scanning and a server side request forgery vulnerability which could lead to information exposure and site compromising.
  • Two cross-side scrippting issues via shortcodes and post content.
  • Another cross-site scripting vulnerability in the Plupload library

The remaining updates and fixes address an assortment of issues of which two have received a high rating. One fixes an issue where link tags are getting stripped from the editor in WordPress 3.5, the other that scheduled posts trigger non-unfiltered html filters. The issue here is that some tags, like embedded video contents, may have been filtered out which broke them from being displayed properly on the site's frontend.

Webmasters can update their sites from within the admin dashboard if the site has been properly configured to be updated this way. If this is not the case or desired, it is alternatively possible to download the latest version from the official WordPress website to install it manually on the server.

The developers note that a bug may prevent WordPress updates on Windows server running IIS from being applied. A codex page has been created to address the issue and help server admins apply the update on Windows Servers running IIS as well. Options include installing a hotfix or adding a single line of code to the wp-config.php file.

Advertisement

Previous Post: «
Next Post: «

Comments

  1. Robert said on February 6, 2013 at 5:02 am
    Reply

    Thank you for informing this crucial update :) Will upgrade my WordPress sites immediately

  2. IT Rush said on January 25, 2013 at 4:11 pm
    Reply

    Haven’t visited my wpadmin yet, thanks for mentioning it.. Checking it now and hope to update to the latest version without any problem.

    Thanks,
    Nhick

  3. Karl Gephart said on January 25, 2013 at 9:53 am
    Reply

    I hope (but why do I doubt?) that it will fix my apparent 3.5 issue of stripping out and on posts that are scheduled (not published live). Keeps all my CSS in between those tags. Really annoying. Don’t like inline or external CSS for posts. I’ll soon see if the embedded is fixed.

    1. Martin Brinkmann said on January 25, 2013 at 9:56 am
      Reply

      Good luck with that.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.