WordPress 3.1.1 closes security holes
The WordPress.org development team has issued version 3.1.1 of its open source blogging and publishing platform, a maintenance and security update to WordPress 3.1 from late February. According to the developers, the update addresses nearly 30 issues in WordPress, including three security vulnerabilities.
WordPress 3.1.1 corrects a cross-site request forgery (CSRF) vulnerability in the media uploader, as well as a PHP related crash caused when handling specially crafted links in comments. A cross-site scripting (XSS) issue has also been fixed.
Other changes in the release include various performance improvements, and fixes for IIS6 support, taxonomy and PATHINFO (/index.php/) permalinks, and plugin compatibility problems. All users are encouraged to upgrade to the latest release as soon as possible.
Further details can be found in a post on the WordPress blog. WordPress 3.1.1 is available in the WordPress dashboard or can be downloaded from the project's web site. Alternatively, users can update automatically via the Dashboard > Updates menu in the site admin area. WordPress is released under the GNU General Public License (GPL).
See also:
- WordPress replaces more than a million Microsoft Live Spaces blogs, a report from The H.
(crve)