Heads up to all WordPress users. The development team has just released earlier today the latest stable version – WordPress 3.6.1 which fixes thirteen different bugs in WordPress 3.6. Aside from the different bug fixes, this latest version is also a security release for all older version of WordPress. Everyone is strongly encouraged to upgrade their websites and blogs A.S.A.P.
WordPress 3.6.1 addresses the following security issues fixed by the WordPress security team:
- Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution.
- Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user.
- Fix insufficient input validation that could result in redirecting or leading a user to another website.
In addition to the bug and security fixes, the dev team has also adjusted security restrictions used in file uploads to reduce the possibility of cross-site scripting.
I don’t usually upgrade my WordPress installation as soon as the latest version is released unless it involves performance and security issues. So as soon as I found out that version 3.6.1 was a maintenance and security release, I immediately upgraded. The upgrade process went smoothly and so far have not come across any issues or problems even with the active plugins.
Users can download WordPress 3.6.1 from WordPress.org and update manually or can do it automatically via the WordPress admin panel — Dashboard > Updates. Before you do the upgrade please make sure that you backup your files (wp-content, images, etc.) and your database. You also need to deactivate all active plugins to avoid any conflicts and issues.