WordPress 3.3.2 Released
Posted: Friday, April 20th, 2012 at 5:38 pm
On April 20, 2012, WordPress 3.3.2 was released to the public.
This is a maintenance and security update.
Please login to your WordPress installation and click the Automated Upgrade Link, it’s that easy. WordPress takes care of all the updating for you. For more information on upgrading WordPress please click here.
Summary of this update:
Three external libraries included in WordPress received security updates:
- Plupload (version 1.5.4), which WordPress uses for uploading media.
- SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
- SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.
WordPress 3.3.2 also addresses:
- Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances.
- Cross-site scripting vulnerability when making URLs clickable.
- Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs.
A full log of the changes made for 3.3.2 can be found at http://core.trac.wordpress.org/changeset?new=20550%40branches%2F3.3&old=20087%40branches%2F3.3