Welcome to WebmasterWorld Guest from 54.234.38.8

Forum Moderators: rogerd & travelin cat

Message Too Old, No Replies

WordPress Update - 3.6.1

maint & security

     
12:05 pm on Sep 12, 2013 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Mar 31, 2002
posts:7575
votes: 0


This maintenance release fixes 13 bugs in version 3.6, which was a very smooth release.

[wordpress.org...]
1:14 pm on Sept 12, 2013 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:22318
votes: 240


Thanks for posting. That looks like an important update.

From WordPress release.
WordPress 3.6.1 is also a security release for all previous WordPress versions and we strongly encourage you to update your sites immediately. It addresses three issues fixed by the WordPress security team:

Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem.
Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij.
Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention.

Additionally, we’ve adjusted security restrictions around file uploads to mitigate the potential for cross-site scripting.