WordPress Version 3.4.1 Pushed Out

It looks like WordPress just pushed out an update with version 3.4.1 yesterday.

Here are the changes:

  • Fixes an issue where a theme’s page templates were sometimes not detected.
  • Addresses problems with some category permalink structures.
  • Better handling for plugins or themes loading JavaScript incorrectly.
  • Adds early support for uploading images on iOS 6 devices.
  • Allows for a technique commonly used by plugins to detect a network-wide activation.
  • Better compatibility with servers running certain versions of PHP (5.2.4, 5.4) or with uncommon setups (safe mode, open_basedir), which had caused warnings or in some cases prevented emails from being sent.

In addition, there were some security fixes included too:

Version 3.4.1 fixes a few security issues and contains some security hardening. These issues were discovered and fixed by the WordPress security team:

  • Privilege Escalation/XSS. Critical. Administrators and editors in multisite were accidentally allowed to use unfiltered_html for 3.4.0.
  • CSRF. Additional CSRF protection in the customizer.
  • Information Disclosure: Disclosure of post contents to authors and contributors (such as private or draft posts).
  • Hardening: Deprecate wp_explain_nonce(), which could reveal unnecessary information.
  • Hardening: Require a child theme to be activated with its intended parent only.

For the full change log, visit the WordPress site.

As always, before doing any upgrade or update, please do a backup of your site.

Spread the word!

2 Responses

  1. I’ve really enjoyed reading your different articles. They are so informative and interesting. This post give truly quality information. I’m definitely going to look into it. Really very useful tips are provided here. thank you so much.Keep up the good works.

Leave a reply

Copyright © 2016 Vesped Inc. All Rights Reserved. Proudly Powered by Headway and WordPress