You probably already see the notice in your dashboard that you have something *ahem* to do this weekend for yourself and perhaps all your clients, customers, and personal projects: v3.5.1 has been released!
37 bugs have been destroyed in this latest maintenance and security release and, as mentioned on the WordPress blog, it includes such things as:
- Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
- Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
- Networks: Suggest proper rewrite rules when creating a new network.
- Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
- Suppress some warnings that could occur when a plugin misused the database or user APIs.
I know personally that I’ve been experiencing the editor issue as well as the scheduled posts issue (which is vitally important for editorial blogs).
Glad to have these things fixed for sure! In terms of security, you’ll be happy to know these things have been fixed:
- A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions.
- Two instances of cross-site scripting via shortcodes and post content.
- A cross-site scripting vulnerability in the external library Plupload.
Again, great stuff to have. As much as I don’t like having to update the tons of installations I have – it’s necessary and good and I’d much rather have this than be vulnerable!