WordPress version 3.5.1 is the first maintenance release of 3.5, and it fixes 37 bugs! It also includes three security updates that affect all previous WordPress versions. The major fixes include:

  • Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
  • Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
  • Networks: Suggest proper rewrite rules when creating a new network.
  • Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
  • Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail.
  • Suppress some warnings that could occur when a plugin misused the database or user APIs.

WordPress 3.5.1 also addresses the following security issues:

  • A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions.
  • Two instances of cross-site scripting via shortcodes and post content.
  • A cross-site scripting vulnerability in the external library Plupload.

For the complete list of bug fixes, please consult the list of tickets.

If you’d like us to manage updating your sites and it’s plugins, we offer a low-cost monthly Managed WordPress service.