WordPress 3.5.1: A Security Release For All WP Versions
25 Jan 2013
Still haven’t decided to meet Elvin for fear of new version issues?
This first maintenance and security release, WordPress 3.5.1, will fix 37 known bugs affecting every WordPress site since December 11, 2012. It is also a security release for all previous versions of WordPress.
When Elvin was launched in December of 2012, a lot of webmasters quickly upgraded to the new version, but later complained of some site functionality issues. While the problem was heavily blamed on “outdated” plugins, if you have upgraded to Elvin during those times without making a back-up database first, you’ve probably wished you didn’t make a hasty upgrade.
There were a lot of questions, but only few answers that didn’t seem to solve the entire problem. Common expert suggestions were to deactivate all plugins, then activate them again, one by one, to see where the problem lies. But when things don’t go well, you’ll have to keep the short code, define(‘SCRIPT_DEBUG’, true); in your wp- config.php to debug some script (which could slightly slowdown your site) to keep a good overall performance.
With WordPress 3.5.1, it was made clear that WP bugs were also causing some issues, but now that these errors are about to be debugged, all you have to do is wait for your favorite plugins to catch up and upgrade, so you can start using them again.
WordPress 3.5.1 List of Changes
These major changes were based on some 30+ summarize tickets submitted to WordPress, since its version 3.5 release.
- Additional HTML protection in the WP Editor
- Strengthened workflow compatibility in the new WP Media Manager
- Corrected rewrite rules when using a new network
- Protect HTML elements in scheduled posts
- Reconfiguration of WordPress to make some important JavaScript to work properly in the admin area
- Disable warnings when a plugin misuse the WordPress database.
Fixed Security Issues
Today, the WordPress security team, with the help of some experts, announced that they have fixed the following vulnerabilities for all WordPress versions:
- Protection from forgery issues coming from pingbacks and server-side requests that can leave important information completely exposed to unauthorized individuals.
- Cross-site scripting: This type of security vulnerability happens when you use a browser that has a breached security, which can allow an attacker to inject malicious codes to your WordPress post, shortcodes, and external library Plupload.
P.S. If you are still using a previous version, upgrade now to WordPress Elvin to give way to a more secure and powerful WordPress site. This latest release will not only fix bugs and improve your site’s performance, there are core changes essential for both you and your online visitors.
→ Subscribe to Blog Via Email to receive updates directly to your email.
Jan 29, 2013 @ 05:16:17
nice to hear all updates. thanks
Jan 29, 2013 @ 08:15:46
I hope outdated plug ins will update also.
Feb 04, 2013 @ 06:48:49
Hi Adino. This site actually uses 1 important plugin that has not upgraded to 3.5 yet, but it seems to work well with 3.5. So, I guess conflict only comes when a plugin uses an independent jQuery that’s not compatible with 3.5 script.
Feb 04, 2013 @ 04:44:50
Good work wordpress team! and credit to all hard-working plugin developers.
Feb 04, 2013 @ 04:46:43
didn’t know wordpress has these security issues.
Feb 04, 2013 @ 04:55:27
37 bugs is a lot. Good to hear this update will fix all.
Feb 04, 2013 @ 06:54:31
I think it’s best to upgrade to new version after the first update release.