WordPress 3.5.1 is now available.
Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs.
It is also a security release for all previous WordPress versions. For a full list of changes, consult the list of tickets and the changelog, which include:
- Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
- Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
- Networks: Suggest proper rewrite rules when creating a new network.
- Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
- Suppress some warnings that could occur when a plugin misused the database or user APIs.
WordPress 3.5.1 also addresses the following security issues:
- A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
- Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
- A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.
WordPress Updating Tips
When updating WordPress, themes or plugins, it doesn’t hurt to get in the habit of following the simple steps below… including double-checking with your theme’s developer *before* updating to make sure your theme will play nice with this new version. If you are on a quality theme your developer is most likely already looking into this.
WARNING: The upgrade process will affect all files and folders included in the main WordPress installation. This includes all the core files used to run WordPress, two plugins (Akismet and Hello Dolly) and two themes (Twenty Eleven and Twenty Ten). If you have made any changes to those files, your changes will be lost.
Step-by-step instructions to help you safely and easily update to the most recent version of WordPress.
Before you update we need to do a little housekeeping:
- Save a copy of all your WordPress files, pages and posts to your hard drive. You do this by clicking on the Tools icon in the left sidebar and then Export. On the next screen click on Download Export File. You might want to create a new Folder on your hard drive where you keep all your Website files. Name it WP Backup so you know to save all backup files for WP there (and you’ll know where to find them if you need them). It is a good idea to back up this file once a month anyway, regardless of whether an update is needed.
- Back up your WordPress database. There is a nifty plugin that makes this process a no-brainer, WP-DBManager. This plugin is also a must-have for repairing and optimizing your database (which you should be doing at least monthly to keep things running smoothly).
- Do a quick double-check with your framework/theme developer to see if there are any issues with their themes and the most recent WordPress update. Same goes for your plugins. The last thing you want to do is update WordPress only to find out after the fact that your theme or plugins have conflicts.
- To be safe, deactivate all plugins before upgrading.
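The warning above says that changes made to the core files and to the bundled plugins and themes are lost on upgrade. As an added example (not part of the original post), this shell script lists those locally changed files and copies them aside before you update. It assumes you have an unpacked, unmodified download of the WordPress version currently installed; the function names and paths are hypothetical and the sample trees are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are hypothetical.
# SITE     = the live WordPress directory
# PRISTINE = an unpacked, unmodified download of the version now installed

# Print files (relative paths) shipped with WordPress whose content in the live
# site differs from the pristine copy. These are what the update overwrites.
modified_core_files() {
    site=$1 pristine=$2
    (cd "$pristine" && find . -type f | sort) |
    while IFS= read -r f; do
        [ -f "$site/$f" ] || continue          # missing locally: nothing to lose
        cmp -s "$pristine/$f" "$site/$f" || printf '%s\n' "${f#./}"
    done
}

# Copy each modified file into DEST, keeping its directory layout.
# Returns 1 when nothing was modified.
save_modified_core_files() {
    site=$1 pristine=$2 dest=$3
    list=$(modified_core_files "$site" "$pristine")
    [ -n "$list" ] || return 1
    printf '%s\n' "$list" | while IFS= read -r f; do
        mkdir -p "$dest/$(dirname "$f")" && cp -p "$site/$f" "$dest/$f"
    done
}

# Constructed sample: a tiny pristine tree and a site with one edited theme
# file, one untouched core file and one user upload.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/pristine/wp-includes" "$tmp/pristine/wp-content/themes/twentyeleven"
    echo '<?php // core' > "$tmp/pristine/wp-includes/version.php"
    echo '/* stock */'   > "$tmp/pristine/wp-content/themes/twentyeleven/style.css"
    cp -R "$tmp/pristine" "$tmp/site"
    echo '/* my tweak */' >> "$tmp/site/wp-content/themes/twentyeleven/style.css"
    mkdir -p "$tmp/site/wp-content/uploads" && echo img > "$tmp/site/wp-content/uploads/a.png"
    save_modified_core_files "$tmp/site" "$tmp/pristine" "$tmp/saved" &&
        (cd "$tmp/saved" && find . -type f | sort)
    rm -rf "$tmp"
}

demo   # prints ./wp-content/themes/twentyeleven/style.css
```

Files that exist only in your site, such as uploads, other plugins and wp-config.php, are not in the pristine download and so are never listed.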
[ It is a good idea to review my article: WordPress How To: Do the Mother of All Backups ]
Once you get the above tasks accomplished, follow the links in the nag bar (it’s called a nag because that yellow bar will be up there “nagging” you until you take care of the important issue noted) and update your site to the latest version of WordPress.
Then, don’t forget to reactivate and update your plugins. You’ll see with each WordPress update that plugin developers also update their plugins, which you can also do with one click. You’ll see the now familiar yellow nag bar under the plugin name in the plugins area with a link to “upgrade automatically.”
If you find after an update that something is not working as it was, go through the systematic process of deactivating your plugins one at a time until you find the culprit. If the developer has not updated his/her plugin to work with the latest update, find another plugin whose developer is on top of these things.
Updating should not be ignored or put off. When you keep up with WordPress, have a Premium Theme and keep up with Plugin updates, you are not only keeping up with technology, you are also making sure your site is secure and functioning error-free.
At your service,