WordPress 3.5.1 is now available for download or update within your WordPress dashboard. This version is a maintenance and security release for all previous versions.
Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. For a full list of changes, consult the list of tickets and the changelog, which include:
- Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
- Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
- Networks: Suggest proper rewrite rules when creating a new network.
- Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
- Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail.
- Suppress some warnings that could occur when a plugin misused the database or user APIs.
WordPress 3.5.1 also addresses the following security issues:
- A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team.
- Two instances of cross-site scripting via shortcodes and post content.
- A cross-site scripting vulnerability in the external library Plupload.
We recommend everyone to update their WordPress to this latest version ASAP!
