WordPress 3.1.1 is available (security fixes)

  • April 5, 2011

There is a new version of WordPress available (3.1.1) that includes multiple security fixes.

These are the changes according to WordPress.org:

Some security hardening to media uploads, performance improvements, fixes for IIS6 support and fixes for taxonomy and PATHINFO (/index.php/) permalinks.

Version 3.1.1 also addresses three security issues discovered by WordPress core developers Jon Cave and Peter Westwood, of our security team. The first hardens CSRF prevention in the media uploader. The second avoids a PHP crash in certain environments when handling devilishly devised links in comments, and the third addresses an XSS flaw.

If you are curious about the changes, here are the modified files:

wordpress-3.1/readme.html
wordpress-3.1/wp-admin/includes/class-wp-ms-sites-list-table.php
wordpress-3.1/wp-admin/includes/class-wp-upgrader.php
wordpress-3.1/wp-admin/includes/dashboard.php
wordpress-3.1/wp-admin/includes/media.php
wordpress-3.1/wp-admin/includes/update-core.php
wordpress-3.1/wp-admin/media-upload.php
wordpress-3.1/wp-admin/network/admin.php
wordpress-3.1/wp-admin/network/settings.php
wordpress-3.1/wp-admin/network.php
wordpress-3.1/wp-admin/upgrade.php
wordpress-3.1/wp-admin/user/admin.php
wordpress-3.1/wp-content/themes/twentyten/languages/twentyten.pot
wordpress-3.1/wp-includes/admin-bar.php
wordpress-3.1/wp-includes/canonical.php
wordpress-3.1/wp-includes/class-pop3.php
wordpress-3.1/wp-includes/css/admin-bar.css
wordpress-3.1/wp-includes/css/admin-bar.dev.css
wordpress-3.1/wp-includes/formatting.php
wordpress-3.1/wp-includes/functions.php
wordpress-3.1/wp-includes/js/tinymce/tiny_mce.js
wordpress-3.1/wp-includes/js/tinymce/wp-tinymce.js.gz
wordpress-3.1/wp-includes/link-template.php
wordpress-3.1/wp-includes/meta.php
wordpress-3.1/wp-includes/post.php
wordpress-3.1/wp-includes/query.php
wordpress-3.1/wp-includes/rewrite.php
wordpress-3.1/wp-includes/script-loader.php
wordpress-3.1/wp-includes/taxonomy.php
wordpress-3.1/wp-includes/version.php
wordpress-3.1/wp-includes/wp-db.php

As always, make sure to update your sites as soon as possible. You can double check your WordPress version using our scanner.

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

1 comment
  1. Pingback: bAsic wp tricks & tips « ~ArchytheOne ~

Comments are closed.

Related Categories
You May Also Like