WordPress 3.4.1 maintenance and security update announced

. June 28, 2012 . 0 Comments

WordPress.org have announced version 3.4.1 a maintenance and security update has been released.

The new version fixes 18 bugs in WordPress that were discovered in version 3.4 which has been released two weeks ago.

Fixes include:
Fixes an issue where a theme’s page templates were sometimes not detected.

Addresses problems with some category permalink structures.

Better handling for plugins or themes loading JavaScript incorrectly.

Adds early support for uploading images on iOS 6 devices.

Allows for a technique commonly used by plugins to detect a network-wide activation.

Better compatibility with servers running certain versions of PHP (5.2.4, 5.4) or with uncommon setups (safe mode, open_basedir), which had caused warnings or in some cases prevented emails from being sent.

Privilege Escalation/XSS. Critical. Administrators and editors in multisite were accidentally allowed to use unfiltered_html for 3.4.0.

CSRF. Additional CSRF protection in the customizer.

Information Disclosure: Disclosure of post contents to authors and contributors (such as private or draft posts).

Hardening: Deprecate wp_explain_nonce(), which could reveal unnecessary information.

Hardening: Require a child theme to be activated with its intended parent only.

Download and info: http://codex.wordpress.org/Version_3.4.1

Category: WordPress

Leave a Reply

Your email address will not be published. Required fields are marked *