16/09/2013

WordPress 3.6.1 is now available

Version 3.6.1 from CMS is now available. This is a maintenance release and 13 bugs reported in version 3.6 are fixed. It is also a security update for previous versions of WordPress.

First, version 3.6.1 blocks unsafe PHP unserialization, which may occur in specific cases and setups that might lead to remote code execution.

Secondly, this version fixes the vulnerability that allowed a user registered as an author to create a post and attribute it to another user via a request designed for this procedure.

Thirdly, this maintenance version solves the problem of insufficient input validation, which could inappropriately redirect the user to another page or another website.

Finally, the security restrictions around file uploads have been revised to reduce the risk of cross-site scripting.

For version 3.6.1, the community recommends updating your version via the Updates menu in the Dashboard in your site’s admin area or downloading WordPress 3.6.1.

News