Hosted WordPress Clients: We’ve Updated to WordPress 3.5.1

We just wanted to let all of our hosted WordPress clients know that we’ve updated your WordPress core to 3.5.1 which was released on Jan. 24, 2013. Here’s a quick breakdown of what’s new in 3.5.1. If you’d like even more information on these new features, here’s the official release post explaining what’s new in WordPress 3.5.1. This particular release fixed 37 bugs and several security issues. If you haven’t already updated, you’ll want to do so as soon as possible.

General Changes/Fixes:

  • Library has been completely revamped; it’s now easier to use and more visually appealing
  • With the launch of the Twenty Twelve theme on WordPress.org, the theme itself is completely retina display ready
  • For Developers: AJAX functionality has been added to the media library in its use and also in the meta data association with images
  • Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
  • Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
  • Networks: Suggest proper rewrite rules when creating a new network.
  • Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
  • Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail.
  • Suppress some warnings that could occur when a plugin misused the database or user APIs.

Security Fixes

  • A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
  • Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
  • A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.

Read the official release post for more information.

P.S. – We’ve updated all of your plugins and themes as well.

Leave a Comment

Your email address will not be published.