Home » WordPress

Category: WordPress

Spring is Here! New WordPress 3.9

Wow time flies! April is a great month here in Greenville South Carolina. All my daffodils and tulips popped up making the day a lot more colorful.

If you’re a WordPress user there will be another major release on the 16th of April.

Yes we are getting WordPress version 3.9 if you have any custom code DO NOT update until you have set up a development website and tested everything!

More on that here: WordPress 3.9 Release Candidate (opens in a new tab) 

Don’t panic just update WordPress to Version 3.6.1

From the announcement post, this maintenance release addresses 13 bugs with version 3.6.

Additionally: Version 3.6.1 fixes three security issues:

  • Remote Code Execution: Block unsafe PHP de-serialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem. CVE pending.
  • Privilege Escalation: Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij. CVE pending.
  • Link Injection / Open Redirect: Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention. CVE pending.

Additional security hardening:

  • Updated security restrictions around file uploads to mitigate the potential for cross-site scripting. The extensions .swf and .exe are no longer allowed by default, and .htm and .html are only allowed if the user has the ability to use unfiltered HTML.

A full log of the changes made for 3.6.1 can be found at http://core.trac.wordpress.org/log/branches/3.6?stop_rev=24972&rev=25345.