WordPress 3.5.1 is now available with solved security issue.
Wordpress 3.5.1 is the first maintenance release of 3.5, with fixing 37 bugs. It has solution for all previous WordPress version's security issue. Here some of bug fix issue, which include:
Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
Media: Fix compatibility issues in the new media manager & a collection of minor workflow.
Networks: Suggest proper rewrite rules when creating a new network.
Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
Work around some mis-configurations that may have caused some JavaScript in the WordPress admin area to fail.
Fix some warnings that could occur when a plugin misused the database or user APIs.
Additionally, a bug affecting Windows servers running IIS can prevent updating from 3.5 to 3.5.1. If you receive the error “Destination directory for file streaming does not exist or is not writable,” you will need to follow the steps outlined on the Codex.
WordPress 3.5.1 also fix the following security issues:
A server-side request forgery vulnerability and remote port scanning using ping-backs This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions.
Two instances of cross-site scripting via short-codes and post content.
A cross-site scripting vulnerability in the external library Plupload. These issues also fixed in wordpress 3.5.1.
No comments:
Post a Comment