The WordPress 3.4.2 Maintenance and Security Release was made available to the public on September 6, 2012.
This update is for all previous versions of WordPress (3.4.1 and prior).
For the security of your self-hosted WordPress website(s), please update to WordPress version 3.4.2 immediately to fix any security vulnerabilities and bugs.
Summary of WordPress security issues fixed in this release:
Version 3.4.2 also fixes a few security issues and contains some security hardening. The vulnerabilities included potential privilege escalation and a bug that affects multisite installs with untrusted users. These issues were discovered and fixed by the WordPress security team.
How to Update WordPress
Log in to your WordPress dashboard (i.e. http://www.yourdomain.com/wp-admin) and look for the “Please update now” link at the top of the page.
I just upgraded WPSecurityLock.com to WordPress 3.4.2 without a hitch. There was a database update required, so be sure you stay at your browser when doing the auto-update and follow the instructions.
Note: Be sure you create a full backup of your database and files before updating.
Or if you prefer to update manually, we recommend the Upgrading WordPress Extended version at http://codex.wordpress.org/Upgrading_WordPress_Extended.
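If you manage several self-hosted sites, it helps to know which ones are still below 3.4.2 before you start. The script below is an added example, not part of the original article or of WordPress itself: it reads $wp_version from each install's wp-includes/version.php and flags anything older than 3.4.2. The function names and the /var/www path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: flag WordPress installs older than the fixed release.
# Usage (hypothetical web root): audit_all /var/www
FIXED_VERSION="3.4.2"   # the release named in this article

# Print the $wp_version value stored in <dir>/wp-includes/version.php.
wp_version_of() {
    sed -n "s/^[$]wp_version *= *'\([^']*\)';.*/\1/p" \
        "$1/wp-includes/version.php" 2>/dev/null | head -n 1
}

# Succeed when version $1 is lower than version $2. Dot-separated fields are
# compared numerically; missing fields count as 0 (3.4 == 3.4.0) and
# suffixes such as "-beta1" are ignored.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = x[i] + 0; yi = y[i] + 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1
    }'
}

# Classify one install: "<dir> <version> OUTDATED|OK" or "<dir> - UNKNOWN".
audit_install() {
    v=$(wp_version_of "$1")
    if [ -z "$v" ]; then
        echo "$1 - UNKNOWN"
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "$1 $v OUTDATED"
    else
        echo "$1 $v OK"
    fi
}

# Audit every WordPress tree found under the given root (default: current dir).
audit_all() {
    find "${1:-.}" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while IFS= read -r f; do
        audit_install "${f%/wp-includes/version.php}"
    done
}
```

An UNKNOWN result means version.php was missing or unreadable, which is worth checking by hand rather than assuming the site is current.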
What's New in WordPress 3.4.2
In WordPress version 3.4.2, there are numerous security fixes and additional security hardening, including:
- Fix unfiltered HTML capabilities in multisite.
- Fix possible privilege escalation in the Atom Publishing Protocol endpoint.
- Allow operations on network plugins only through the network admin.
- Hardening: Simplify error messages when uploads fail.
- Hardening: Validate a parameter passed to wp_get_object_terms().
This release also includes the following bug fixes:
- Fixes some issues in the admin area where some older browsers (IE7, in particular) may slow down, lag, or freeze.
- Fixes an issue where a theme may not preview correctly, or its screenshot may not be displayed.
- Fixes the use of multiple trackback URLs in a post.
- Prevents improperly sized images from being uploaded as headers from the customizer.
- Ensures proper error messages can be shown to PHP4 installs. (WordPress requires PHP 5.2.4 or later.)
- Fixes handling of oEmbed providers that only return XML responses.
- Addresses pagination problems with some category permalink structures.
- Adds more fields to be returned from the XML-RPC wp.getPost method.
- Avoids errors when updating automatically from very old versions of WordPress (pre-3.0).
- Fixes problems with the visual editor when working with captions.
I can't stress enough the importance of keeping your WordPress installation up to date. The WordPress Security Team does an excellent job of closing any vulnerability found and releases these updates for us to stay safe. There have been close to 15 million downloads since version 3.4 was released on June 13, 2012, so many sites remain vulnerable until they update to version 3.4.2.
Leave Your Feedback
Let us know if you had any issues when updating to WordPress 3.4.2. Did you find any WordPress plugin or theme conflicts? Please leave your comment below.