WordPress 3.4.2 run for Public


On September 6, 2012, WordPress 3.4.2 was released to the public. This is a maintenance and security update.

Version 3.4.2 fixes a few security issues and contains some security hardening. These issues were discovered and addressed by the WordPress security team:

  • Fix unfiltered HTML capabilities in multisite.
  • Fix possible privilege escalation in the Atom Publishing Protocol endpoint.
  • Allow operations on network plugins only through the network admin.
  • Hardening: Simplify error messages when uploads fail.
  • Hardening: Validate a parameter passed to wp_get_object_terms().

A full log of the changes made for 3.4.2 can be found

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s