WordPress 3.5.2 is a new maintenance & security release that fixes several issues in the CMS software. The development team suggests strongly that site admins and webmasters update their blogs immediately to the new version.
This is a security release for ALL previous versions and the WordPress development team is strongly encouraging us to update our sites immediately. The WordPress security team have resolved 7 security issues, and this new release contains some additional security hardening, always welcome!
As far as security fixes are concerned, the following have been resolved in WordPress 3.5.2.
- Server-side request forgery attacks that could provide attackers with access to the site.
- Contributors can no longer publish posts improperly.
- The SWFUpload library has been updated that fixes several cross-site scripting vulnerabilities.
- Blocking denial of service attacks against sites that use password protected posts.
- An update to TinyMCE fixing a cross-site scripting vulnerability.
- Multiple cross-site scripting vulnerability fixes.
- Full path not disclosed when uploads fail.
This particular update should go through without any issues on most blogs and websites. The Monkeys have updated a dozen websites so far, of course including this one, and none acted weirdly after this update. All the plugins, the theme and the site’s functionality worked just fine like before.
Of course while that has been the case, it is still recommended to make a backup of your blog before you apply the update so that you can roll it back if you run into issues.
You should apply the update directly from the admin dashboard.