WordPress version 3.1.2 has been released to the public as of April 26, 2011.
This important maintenance and security release fixed a vulnerability that allowed Contributor-level users to improperly publish posts.
The issue was discovered by a member of the WordPress security team, WordPress developer Andrew Nacin, and Benjamin Balter.
According to WordPress.org:
We suggest you update to 3.1.2 promptly, especially if you allow users to register as contributors or if you have untrusted users. This release also fixes a few bugs that missed the boat for version 3.1.1.
Some other bugs were found in WordPress 3.1.1 and have been fixed in this new release, 3.1.2, including:
- Fixed user queries ordered by post count
- Fixed multiple tag queries bug
- Prevents over-escaping of post titles when using Quick Edit for pages.
Files Revised in WordPress 3.1.2:
- readme.html
- wp-admin/press-this.php
- wp-admin/includes/class-wp-posts-list-table.php
- wp-admin/includes/update-core.php
- wp-includes/post-template.php
- wp-includes/query.php
- wp-includes/user.php
- wp-includes/version.php
WordPress & Security Resources:
- WordPress News: 3.1.2 Security Hardening Update
- WordPress Codex: Version 3.1.2
- WordPress Trac: 3.1.2 Bug Fixes
- Download WordPress 3.1.2
- WordPress Codex – Updating WordPress
Important!
If you're self-hosting WordPress on your own domain, it is important that you upgrade to WordPress 3.1.2 as soon as possible.
Leave your feedback
Have you upgraded to WordPress 3.1.2? Did you upgrade WordPress automatically through the Dashboard or manually? Do you have any WordPress plugin issues with WP version 3.1.2? If you noticed any glitches in the upgrade or conflicts with any plugins, be sure to let us know. Leave your comment below.
Securely yours,
Regina Smola
WordPress Security Expert
Angela Brooks says
Thank you for sharing this update
Regina Smola says
Hey Angela,
You’re welcome. Thanks for posting your comment.
Regina
Paul B. Taubman, II says
Thanks! You always explain the updates better than WordPress themselves! Thanks again!
Regina Smola says
Hi Paul,
Thanks so much for your kind words. I do my best.
~ Regina
Kimberly Castleberry says
Four blogs upgraded this morning, three of them on Thesis, no issues in the upgrade routine.
Kimberly
Regina Smola says
Hi Kimberly,
Woohooo! Glad you got them all upgraded without a problem. Mine went smoothly as well. The only issue I have is the TinyMCE Advanced plugin after I upgraded to 3.1. Firefox doesn’t seem to like it when adding links or images. IE seems to be fine.
Thanks for your comment,
Regina
Bianca Rossi says
I smoothly upgraded from the dashboard, however I seem to have a problem with widgets (possibly a theme issue though); when I drag a text widget, I need to save it before it opens and allows me to write and then save back again….
Regina Smola says
Hi Bianca,
Thanks for your comment. Hmmm I’ll have to see if mine does that too. Thanks for letting us know.
~ Regina Smola
Lilia Lee says
Thank you. Your blog is so helpful. I am recommending it to others.
Regina Smola says
Awesome Lilia! I appreciate that. Be sure to join my affiliate program so I can pay you commissions as a thank you for promoting me.
steve says
I am very impressed with your wealth of knowledge. Keep up the great work.
Here’s a story that has no ending yet:
I recently did a google search of my site and found a “this site may be compromised” message from google.
I have no experience with web security and just took a look at the site in my browser. No change, all is well.
Then started investigating what I should do and came across your blog. After reading your blog I took down the site and tried to wrap my head around what I am about to embark upon. I think I did a proper backup when the site went up. Today I checked google again to see if the flag was still there and to my surprise it’s gone since I removed the site (I put up an under construction message as per your advice). When I looked at a cached page of the site (no clue why I did that) I found hundreds of spam links at the bottom of the page.
If you google teen tour theatre you can see it yourself.
I am about to restore what I hope is a fairly complete snapshot of the site.
What specific passwords should I be changing? And how do the bad guys get past the random passwords? Thx.