WordPress 3.5.1 Security and Maintenance update
WordPress is our blogging platform of choice, so it is only natural that we mention updates to the platform here on the site. WordPress 3.5.1 was released today, a security and maintenance update that should be installed as soon as possible on all live sites running WordPress.
According to the post on the official WordPress blog, 37 bugs were fixed in this release, including four security issues and a couple of stability-related issues.
As far as security goes, the following security issues have been fixed in WordPress 3.5.1.
- Misuse of pingbacks for remote port scanning and a server-side request forgery vulnerability which could lead to information exposure and site compromise.
- Two cross-site scripting issues via shortcodes and post content.
- Another cross-site scripting vulnerability in the Plupload library.
The remaining updates and fixes address an assortment of issues, two of which have received a high rating. One fixes an issue where link tags are stripped from the editor in WordPress 3.5; the other fixes scheduled posts triggering non-unfiltered HTML filters. The problem was that some tags, such as embedded video content, may have been filtered out, which prevented them from displaying properly on the site's frontend.
Webmasters can update their sites from within the admin dashboard if the site has been configured to be updated this way. If that is not the case or not desired, the latest version can be downloaded from the official WordPress website and installed manually on the server.
The developers note that a bug may prevent WordPress updates from being applied on Windows servers running IIS. A codex page has been created to address the issue and help server admins apply the update on Windows servers running IIS as well. Options include installing a hotfix or adding a single line of code to the wp-config.php file.