WordPress 3.1.3 security update now available

1 Comment

WordPress version 3.1.3 was tagged this afternoon and is now available for download. This is a security release, so it’s recommended that you update your sites right away. You can download the update from WordPress.org, or by using the automatic update within WordPress itself.

Lead developer Mark Jaquith posted the update to the official WordPress news blog, and listed the changes this time around:

  • Various security hardening by Alexander Concha.
  • Taxonomy query hardening by John Lamansky.
  • Prevent sniffing out user names of non-authors by using canonical redirects. Props Verónica Valeros.
  • Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research.
  • Improves file upload security on hosts with dangerous security settings.
  • Cleans up old WordPress import files if the import does not finish.
  • Introduce “clickjacking” protection in modern browsers on admin and login pages.

You can read the full release post on WordPress.org, as well as the full changelog on Trac.

Along with this release, the second beta of 3.2 is available as well. This marks another step toward the full release of 3.2, which we’ve been closely documenting as it progresses. Most recently beta 1 was activated for WordPress.com users, essentially making beta-testers of over twenty million WordPress sites and their users. You can update your WordPress trunk to continue testing and improving for the release, or download it directly.

Have you updated your WordPress sites yet?

One thought on “WordPress 3.1.3 security update now available

  1. Is it just me, or does it seem like Microsoft must be doing something relating to WordPress since they’re reporting security flaws in the software?

Comments are closed.