WordPress has reached milestone 3.8.2. Yesterday, Andrew Nacin announced the security release, urging users to update their sites right away. The update is urgent because it addresses substantial security concerns that have been reported to the WordPress security team over the past few months.
One security concern that 3.8.2 addresses is site vulnerability to forgery of authentication cookies. The flaw, identified and resolved by Jon Cave, was that attackers could potentially obtain access to WordPress sites by forging authentication cookies. Another change 3.8.2 has provided is new privilege-setting abilities. You can now prevent “Contributors” from publishing unwanted posts.
In the announcement, Nacin went on to list a few other minor security changes:
- Prevent potential cross-domain scripting through Plupload.
- Fix a low-impact SQL injection by trusted users.
To update your site, go to Dashboard > Updates, and click “Update now.” Alternatively, you can go to WordPress.org and download it. WordPress sites that support automatic background updates will be updated automatically within 12 hours.
WordPress security is taken very seriously. If you encounter a security issue, you should report it to the WordPress security team.
For more on the release, tune in for tonight’s episode of DradCast to hear lead WordPress developer Mark Jaquith discuss 3.8.2!
What’s your favorite security update of 3.8.2?