WordPress 3.5.2 update fixes security issues
Ghacks is running on WordPress and whenever the software gets updated, I not only update the blog but also write about it here on the site. The update notifications in the admin dashboard are helpful in this regard as they inform webmasters about updates directly. However, that's only the case if you open the dashboard regularly. If you update your blog once a week, you may not notice right away that an update is available, but only after a couple of days.
WordPress 3.5.2 is a maintenance and security release that fixes several issues in the blogging software. The development team strongly suggests that site admins and webmasters update their blogs immediately to the new version.
As far as security fixes are concerned, the following have been resolved in WordPress 3.5.2.
- Server-side request forgery attacks that could provide attackers with access to the site.
- Contributors can no longer publish posts improperly.
- The SWFUpload library has been updated, fixing several cross-site scripting vulnerabilities.
- Blocking denial of service attacks against sites that use password-protected posts.
- An update to TinyMCE fixing a cross-site scripting vulnerability.
- Multiple cross-site scripting vulnerability fixes.
- Full path not disclosed when uploads fail.
Another 12 maintenance-related issues have been fixed in the new release. You can check them out here on the WordPress tracker.
Updates should go through without issues on most blogs. I have updated half a dozen blogs so far and none acted up weirdly after the update. All plugins, the theme and the site's functionality worked just like before.
While that has been the case, it is still recommended to make a backup of your blog before you apply the update so that you can roll it back if you run into issues.
You can apply the update directly from the admin dashboard if your blog has been configured this way, or download it from the official website to update the blog manually instead.