WordPress 3.4.2, now available for download, is a maintenance and security release for all previous versions.
The WordPress developers have released an update to their open source publishing platform that closes important security holes. Version 3.4.2 of WordPress addresses two privilege escalation vulnerabilities that could potentially be exploited by a malicious user to bypass certain security restrictions.
After nearly 15 million downloads since 3.4 was released not three months ago, we’ve identified and fixed a number of nagging bugs, including:
- Fix some issues with older browsers in the administration area.
- Fix an issue where a theme may not preview correctly, or its screenshot may not be displayed.
- Improve plugin compatibility with the visual editor.
- Address pagination problems with some category permalink structures.
- Avoid errors with both oEmbed providers and trackbacks.
- Prevent improperly sized header images from being uploaded.
Version 3.4.2 also fixes a few security issues and contains some security hardening. The vulnerabilities included potential privilege escalation and a bug that affects multisite installs with untrusted users. These issues were discovered and fixed by the WordPress security team.
The developers have also updated their WordPress for iOS mobile app to version 3.1.3. The update adds a settings form for editing and testing credentials for the WordPress enhancement package Jetpack, corrects problems when trying to reset passwords within the app, and fixes various crashing bugs.
Download 3.4.2 now or visit Dashboard → Updates in your site admin to update now.