WordPress 3.6.1 sikkerhetsoppdatering

wordpress-securityWordPress annonserte for et par dager siden en sikkerhetsoppdatering til 3.6. Anbefaler alle som har egen WordPress blogg å oppdatere denne asap.

Oppdateringen gjøres enkelt fra konsollet på bloggen, ved å trykke på “Update” linken.

Det er tre feil som ble rettet denne gangen.

Fra WordPress.org bloggen:

  • Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem.
  • Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij.
  • Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention.

Additionally, we’ve adjusted security restrictions around file uploads to mitigate the potential for cross-site scripting.

Leave a Reply