January 25th, 2013
WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. For a full list of changes, consult the list of tickets and the changelog, which include: Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare […]
September 6th, 2012
WordPress 3.4.2, now available for download, is a maintenance and security release for all previous versions. After nearly 15 million downloads since 3.4 was released not three months ago, we’ve identified and fixed a number of nagging bugs, including: Fix some issues with older browsers in the administration area. Fix an issue where a theme [...]
June 27th, 2012
WordPress 3.4.1 is now available for download. WordPress 3.4 has been a very smooth release, and copies are flying off the shelf — 3 million downloads in two weeks! This maintenance release addresses 18 bugs with version 3.4, including: Fixes an issue where a theme’s page templates were sometimes not detected. Addresses problems with some category permalink [...]
April 20th, 2012
WordPress 3.3.2 is available now and is a security update for all previous versions. Three external libraries included in WordPress received security updates: Plupload (version 1.5.4), which WordPress uses for uploading media. SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins. SWFObject, which WordPress previously used to embed [...]
January 3rd, 2012
WordPress 3.3.1 is now available. This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3. Thanks to Joshua H., Hoang T., Stefan Zimmerman, Chris K., and the Go Daddy security team for responsibly disclosing the bug to our security team. Download 3.3.1 or visit [...]
June 29th, 2011
WordPress 3.1.4 is available now and is a maintenance and security update for all previous versions. This release fixes an issue that could allow a malicious Editor-level user to gain further access to the site. Thanks K. Gudinavicius of SEC Consult for bringing this to our attention. Version 3.1.4 also incorporates several other security fixes and hardening [...]
June 22nd, 2011
Earlier today the WordPress team noticed suspicious commits to several popular plugins (AddThis, WPtouch, and W3 Total Cache) containing cleverly disguised backdoors. We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory. We’re [...]
May 25th, 2011
WordPress 3.1.3 is available now and is a security update for all previous versions. It contains the following security fixes and enhancements: Various security hardening by Alexander Concha. Taxonomy query hardening by John Lamansky. Prevent sniffing out user names of non-authors by using canonical redirects. Props Verónica Valeros. Media security fixes by Richard Lundeen of Microsoft, Jesse Ou [...]
April 26th, 2011
WordPress 3.1.2 is now available and is a security release for all previous WordPress versions. This release addresses a vulnerability that allowed Contributor-level users to improperly publish posts. The issue was discovered by a member of our security team, WordPress developer Andrew Nacin, with Benjamin Balter. We suggest you update to 3.1.2 promptly, especially if [...]
April 5th, 2011
WordPress 3.1.1 is now available. This maintenance and security release fixes almost thirty issues in 3.1, including: Some security hardening to media uploads Performance improvements Fixes for IIS6 support Fixes for taxonomy and PATHINFO (/index.php/) permalinks Fixes for various query and taxonomy edge cases that caused some plugin compatibility issues Version 3.1.1 also addresses three [...]