Attention all WordPress users! Just a few hours ago, the WordPress dev team released WordPress 3.1.3 which is a security update for all previous versions of the software. If you haven’t upgraded to this latest release, you are strongly encouraged to do so A.S.A.P. Below are the different updates, patches and bug fixes included in WordPress 3.1.3:
- Various security hardening by Alexander Concha.
- Taxonomy query hardening by John Lamansky.
- Prevent sniffing out user names of non-authors by using canonical redirects. Props VerÃ³nica Valeros.
- Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research.
- Improves file upload security on hosts with dangerous security settings.
- Cleans up old WordPress import files if the import does not finish.
- Introduce “clickjacking” protection in modern browsers on admin and login pages.
You can download WordPress 3.1.3 and do the upgrade manually or you can choose to do it the easy way via the WordPress admin panel — Dashboard > Updates. Be sure to backup your WordPress database and deactivate all active plugins before performing the upgrade.
Aside from WordPress 3.1.3, the dev team has done a scheduled released WordPress 3.2 Beta 2, thirteen days after Beta 1 was released. Again, this beta version was released for testing purposes so only use it on a test site, not on a live/production site and please provide feedback or report any bugs you encounter.
New stuff included in WordPress 3.2 Beta 2:
- Google Chrome Frame is now supported in the admin, if you have it installed. This is especially useful for IE 6 users (remember, IE 6 is otherwise deprecated for the admin).
- The admin is less ugly in IE 7.
- The blue admin color scheme has caught up to the grey one, and is ready for testing.
For those who tried to access this blog earlier and noticed that it was down, it was because I was upgrading to WordPress 3.1.3. The upgrade process went smoothly and so far there’s no issues or problems (plugin incompatibilities) with the new version. If you haven’t upgraded yet, please spend a few minutes of your time to do it. Better safe than sorry!