As you know, all of the websites that the Monkeys own and design run on WordPress, and one common task is to take care of the CMS software and plugin updates.
WordPress has just released an update that brings the version of WordPress to 3.4.2. This update is a maintenance and security update, which makes updates a pretty important matter.
WordPress admins who login should immediately see the update notifications in the admin dashboard from where you can run the update internally to install it in no time at all really.
Those hard core Monkey-Coders among you who prefer to install updates manually, you can download the latest version from the WordPress website.
Security related issues
WordPress 3.4.2 fixes several security related issues and on top of that includes additional security hardening efforts.
The official WordPress changelog lists the following security related changes:
- Fix unfiltered HTML capabilities in multisite.
- Fix possible privilege escalation in the Atom Publishing Protocol endpoint.
- Allow operations on network plugins only through the network admin.
- Hardening: Simplify error messages when uploads fail.
- Hardening: Validate a parameter passed to wp_get_object_terms().
As far as on going maintenance goes, 18 different bugs are fixed in this WordPress 3.4.2 of which the majority seem address issues that only a small number of WordPress admins and users likely have come in contact with.
- Fixes some issues in the admin area where some older browsers (IE7, in particular) may slow down, lag, or freeze.
- Fixes an issue where a theme may not preview correctly, or its screenshot may not be displayed.
- Fixes the use of multiple trackback URLs in a post.
- Prevents improperly sized images from being uploaded as headers from the customizer.
- Ensures proper error messages can be shown to PHP4 installs. (WordPress requires PHP 5.2.4 or later.)
- Fixes handling of oEmbed providers that only return XML responses.
- Addresses pagination problems with some category permalink structures.
- Adds more fields to be returned from the XML-RPC wp.getPost method.
- Avoids errors when updating automatically from very old versions of WordPress (pre-3.0).
- Fixes problems with the visual editor when working with captions.
The security fixes and hardening are reason enough to update the blog as soon as possible to avoid issues that can arise if these are exploited in attacks.
As always, you really DO need to backup your website first before you run the update to make sure that you have an option to restore it to the previous version if the need arises.
While it is pretty unlikely that you will have any issues with this update (we’ve update 15 sites today with no hiccups so far!) it is still possible that this may happen.
Anyway Monkeys here’s wishing you “Happy updating”.