The Latest in IT Security

WordPress 3.1.3 available (security fixes)

26
May
2011

If you are using WordPress, make sure to upgrade it now. The version 3.1.3 was just released with a few security fixes:

* Various security hardening by Alexander Concha.
* Taxonomy query hardening by John Lamansky.
* Prevent sniffing out user names of non-authors by using canonical redirects. Props Veronica Valeros.
* Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research.
* Improves file upload security on hosts with dangerous security settings.
* Cleans up old WordPress import files if the import does not finish.
* Introduce “clickjacking” protection in modern browsers on admin and login pages.

You can download the new version here or just follow their automated (very simple) update process.. Those were all the files changed from 3.1.2 to 3.1.3:

Files wordpress-3.1.2/readme.html and wordpress-3.1.3/readme.html differ
Files wordpress-3.1.2/wp-admin/admin-ajax.php and wordpress-3.1.3/wp-admin/admin-ajax.php differ
Files wordpress-3.1.2/wp-admin/custom-background.php and wordpress-3.1.3/wp-admin/custom-background.php differ
Files wordpress-3.1.2/wp-admin/custom-header.php and wordpress-3.1.3/wp-admin/custom-header.php differ
Files wordpress-3.1.2/wp-admin/includes/class-wp-plugins-list-table.php and wordpress-3.1.3/wp-admin/includes/class-wp-plugins-list-table.php differ
Files wordpress-3.1.2/wp-admin/includes/import.php and wordpress-3.1.3/wp-admin/includes/import.php differ
Files wordpress-3.1.2/wp-admin/includes/media.php and wordpress-3.1.3/wp-admin/includes/media.php differ
Files wordpress-3.1.2/wp-admin/includes/post.php and wordpress-3.1.3/wp-admin/includes/post.php differ
Files wordpress-3.1.2/wp-admin/includes/template.php and wordpress-3.1.3/wp-admin/includes/template.php differ
Files wordpress-3.1.2/wp-admin/includes/update-core.php and wordpress-3.1.3/wp-admin/includes/update-core.php differ
Files wordpress-3.1.2/wp-admin/ms-delete-site.php and wordpress-3.1.3/wp-admin/ms-delete-site.php differ
Files wordpress-3.1.2/wp-admin/plugins.php and wordpress-3.1.3/wp-admin/plugins.php differ
Files wordpress-3.1.2/wp-admin/press-this.php and wordpress-3.1.3/wp-admin/press-this.php differ
Files wordpress-3.1.2/wp-app.php and wordpress-3.1.3/wp-app.php differ
Files wordpress-3.1.2/wp-includes/canonical.php and wordpress-3.1.3/wp-includes/canonical.php differ
Files wordpress-3.1.2/wp-includes/class-oembed.php and wordpress-3.1.3/wp-includes/class-oembed.php differ
Files wordpress-3.1.2/wp-includes/default-filters.php and wordpress-3.1.3/wp-includes/default-filters.php differ
Files wordpress-3.1.2/wp-includes/formatting.php and wordpress-3.1.3/wp-includes/formatting.php differ
Files wordpress-3.1.2/wp-includes/functions.php and wordpress-3.1.3/wp-includes/functions.php differ
Files wordpress-3.1.2/wp-includes/meta.php and wordpress-3.1.3/wp-includes/meta.php differ
Files wordpress-3.1.2/wp-includes/post.php and wordpress-3.1.3/wp-includes/post.php differ
Files wordpress-3.1.2/wp-includes/query.php and wordpress-3.1.3/wp-includes/query.php differ
Files wordpress-3.1.2/wp-includes/taxonomy.php and wordpress-3.1.3/wp-includes/taxonomy.php differ
Files wordpress-3.1.2/wp-includes/theme.php and wordpress-3.1.3/wp-includes/theme.php differ
Files wordpress-3.1.2/wp-includes/version.php and wordpress-3.1.3/wp-includes/version.php differ
Files wordpress-3.1.2/wp-login.php and wordpress-3.1.3/wp-login.php differ

Remember, the first step for a secure site, is an updated site! We also recommend the following WordPress security plugin if you want to harden your WordPress install: http://sucuri.net/wordpress-security-monitoring.

Leave a reply


Categories

TUESDAY, NOVEMBER 21, 2017

Featured

Archives

Latest Comments

Social Networks