In association with heise online

06 April 2011, 09:39

WordPress 3.1.1 closes security holes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

WordPress Logo The development team has issued version 3.1.1 of its open source blogging and publishing platform, a maintenance and security update to WordPress 3.1 from late February. According to the developers, the update addresses nearly 30 issues in WordPress, including three security vulnerabilities.

WordPress 3.1.1 corrects a cross-site request forgery (CSRF) vulnerability in the media uploader, as well as a PHP related crash caused when handling specially crafted links in comments. A cross-site scripting (XSS) issue has also been fixed.

Other changes in the release include various performance improvements, and fixes for IIS6 support, taxonomy and PATHINFO (/index.php/) permalinks, and plugin compatibility problems. All users are encouraged to upgrade to the latest release as soon as possible.

Further details can be found in a post on the WordPress blog. WordPress 3.1.1 is available in the WordPress dashboard or can be downloaded from the project's web site. Alternatively, users can update automatically via the Dashboard > Updates menu in the site admin area. WordPress is released under the GNU General Public License (GPL).

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit