ID: IRCNE2011071166
Date: 2011-07-02
According to eSecurity Planet, the WordPress 3.1.4 release follows the 3.1.3 update that came out at the end of May.
"This release fixes an issue that could allow a malicious editor-level user to gain further access to the site," WordPress developer Ryan Boren blogged.
Boren noted that WordPress 3.1.4 also incorporates several other security fixes and hardening measures. One such update is identified in changeset 18356, which provides new hardening and sanitizers for WordPress language files (WPLANG) and new admin email setup.
There are also new santization elements for the order of get_bookmarks,get_pages and get_terms. Code sanitization is intended to help ensure that bad input can't make it into the system that could potentially be leveraged by an attacker to exploit the system. The new WordPress 3.1.4 update comes as developers push forward on the next generation of the blogging platform. The third release candidate for WordPress 3.2 is now available, including the same security and hardening fixes that are in the 3.1.4 release. Additionally, WordPress 3.2 includes some additional JavaScript, and user interface fixes.
WordPress 3.2 is also set to provide performance gains for the server that will make the blogging platform run faster. In terms of user facing changes, the WordPress 3.2 release will have a focus on distraction-free writing. The new distraction-free visual editor user interface for composing blog posts is intended to help bloggers focus more on their content.
Another big shift with WordPress 3.2 comes in the form of the minimum requirements. The Microsoft IE6 browser will no longer be supported and the server requirements have also changed and no longer support PHP 4.
"As a reminder, we've bumped our minimum requirements for version 3.2 to PHP 5.2.4 and MySQL 5.0," Boren said.
- 2