
WordPress 3.5.2 Released with security upgrades


I just saw a notice in my WordPress dashboard that their latest update is now available. It resolves a number of security issues in the software. As usual, it is best to install updates soon after they are released to prevent any hacking attacks that might arise from these known bugs. Click on the "Please Update Now" banner in your WordPress Dashboard to install the update automatically.

From the WordPress 3.5.2 release notes:

The security fixes included:

Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.

Disallow contributors from improperly publishing posts, reported by Konstantin Kovshenin, or reassigning the post’s authorship, reported by Luke Bryan.

An update to the SWFUpload external library to fix cross-site scripting vulnerabilities. Reported by mala and Szymon Gruszecki.

Prevention of a denial of service attack, affecting sites using password-protected posts.

An update to an external TinyMCE library to fix a cross-site scripting vulnerability. Reported by Wan Ikram.

Multiple fixes for cross-site scripting. Reported by Andrea Santese and Rodrigo.

Avoid disclosing a full file path when an upload fails. Reported by Jakub Galczyk.

Complete Release Announcement
