Late last year, WordPress.org announced the official release of WordPress 3.5 Elvin. The new version focused on Image Gallery effects while adding hi-resolution capabilities and increased functionality to the default Control Panel. Forty-two days later, the first major update has been released; addressing maintenance and security issues while providing fixes to over three dozen bugs.
In a January 24th blog post, Andrew Nacin stated that “WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions.”
Changelog & Modifications
By looking at the official changelog, we notice that alterations were made to the Editor in order to ensure HTML elements aren’t suddenly removed. The new media manager has also been tweaked, as have the issues with scheduled posts losing certain HTML elements such as video embeds when they are ultimately published.
Nacin (pictured) also pointed out how to correct a bug related to installation in his post. “Additionally, a bug affecting Windows servers running IIS can prevent updating from 3.5 to 3.5.1. If you receive the error ‘Destination directory for file streaming does not exist or is not writable,’ you will need to follow the steps outlined on the Codex.”
WordPress 3.5.1 Security Fixes
The new version addresses a number of security issues according to Nacin, who listed the updates individually in his blog entry:
1. A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We’d like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
2. Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
3. A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.
Worldwide News Coverage
The rapid publication of related news stories from around the globe shows that the WordPress platform has indeed expanded into nearly every region as it now powers nearly one-quarter of all websites.
Our December 12th news story on the initial launch of WordPress 3.5 Elvin outlined the differences involved around Retina icons for User Interface back-end use that were specifically implemented for full hiDPI support.
The Twenty Twelve default theme also came with a fully responsive design; catering to the ever-growing mobile device and tablet computer market in which users have come to expect customized view parameters.
What’s Next For WordPress?
WordPress.com head Matt Mullenweg has made no secret that parent company Automattic plans to continue developing technology and functionality for small screen users in 2013. The evolution of responsive themes last year practically launched an entirely new market as consumers gobbled-up templates that required no additional plugins in order to display a responsive layout.
More multimedia features are in the mix with easier controls being planned that will bring even more customizable control to the way media is published on WordPress sites. Finally, social media network sharing and analytical tools have become a priority as website owners strive to achieve a higher conversion rate from Twitter Followers, Facebook Likes, and YouTube Subscribers. WordPress users can likely look forward to even more seamless controls in the coming year.
If you would like to install the update, you can Download WordPress 3.5.1 here. You can also use the WordPress Dashboard > Updates section to activate the new version.
Here is the original:
WordPress 3.5.1 Addresses Maintenance And Security
Leave a Comment
You must be logged in to post a comment.