WordPress 3.1.2 security update now available


It’s that time again: a new version of WordPress, 3.1.2, is now available as a security update. It seems this fixes a vulnerability that would allow Contributor-level users to publish posts when they shouldn’t have been able to.

You can download 3.1.2 manually, or (much more likely) click that fancy update button in your Dashboard.

Interestingly, this issue was discovered by Andrew Nacin and Benjamin Balter. Nacin you may recognize as a member of the WordPress Core Commit team. Balter’s name first cropped up, at least here on WPCandy, just yesterday as a participant in Google Summer of Code this year. Someone give him extra credit.

Are you all updated? Do you use the Dashboard update, or do you still manually update the old school way?

16 thoughts on “WordPress 3.1.2 security update now available”

  1. I find myself using the admin update functionality a lot more nowadays. I had been using Subversion for most of my sites, but clicking a couple of buttons is about as simple as it gets. I rarely use FTP except in special circumstances for clients.

  2. I always update via Dashboard. It’s a lot more comfortable and always works fine for me. But nevertheless I feel a bit scared while updating my blog, about messing up my database or something. So I always back it up first, although WordPress has never let me down so far. Thanks for the hint, I updated successfully. 🙂

  3. I usually update through the Dashboard. Sometimes FTP has to come to the rescue because the update does not proceed (hangs), and the maintenance screen stays up.

    But should we always update?
    Is my assumption correct that an update from, for example, 3.0.4 to 3.0.5 is necessary because this takes care of security issues and bugs? But does an update from 3.0.5 to 3.1 also add security fixes? Or is this only to add extra functionality?

  4. I use FTP mainly because it’s proven to be the most reliable way of updating the sites. I’ve had too many problems with dashboard updates in the past, and it’s time-consuming to try and resolve these so it’s just a matter of firing off the updates via FTP which works every time.

    • What bugs are we talking about? Have you tried deactivating all your plugins, and reverting to the default theme (in this case TwentyTen) and trying again; everything looks good here at my end! — If the problem persists, has the bug been reported, or talked about on WordPress.org somewhere?

  5. Since updating fifty plus of my WP sites to 3.1.2, I have received a large amount of spam posted to the JPGs in the site media libraries. I never knew these files had comment forms. Before updating, not one piece of this sort of spam was received.

    Anyone else having this problem?

    Where can these media comment forms be turned off/eliminated/locked down?
