WordPress version 3.1.3 was tagged this afternoon and is now available for download. This is a security release, so it’s recommended that you update your sites right away. You can download the update from WordPress.org, or by using the automatic update within WordPress itself.
Lead developer Mark Jaquith posted the update to the official WordPress news blog, and listed the changes this time around:
- Various security hardening by Alexander Concha.
- Taxonomy query hardening by John Lamansky.
- Prevent sniffing out user names of non-authors by using canonical redirects. Props Verónica Valeros.
- Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research.
- Improves file upload security on hosts with dangerous security settings.
- Cleans up old WordPress import files if the import does not finish.
- Introduce “clickjacking” protection in modern browsers on admin and login pages.
Along with this release, the second beta of 3.2 is available as well. This marks another step toward the full release of 3.2, which we’ve been closely documenting as it progresses. Most recently beta 1 was activated for WordPress.com users, essentially making beta-testers of over twenty million WordPress sites and their users. You can update your WordPress trunk to continue testing and improving for the release, or download it directly.
Have you updated your WordPress sites yet?