WordPress 3.3.1 Security and Maintenance Release

WordPress 3.3.1 is now available. This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3. Thanks to Joshua H., Hoang T., Stefan Zimmerman, Chris K., and the Go Daddy security team for responsibly disclosing the bug to our security team.

Download 3.3.1 or visit Dashboard → Updates in your site admin.

WordPress 3.1.4 (and 3.2 Release Candidate 3)

WordPress 3.1.4 is available now and is a maintenance and security update for all previous versions.

This release fixes an issue that could allow a malicious Editor-level user to gain further access to the site. Thanks K. Gudinavicius of SEC Consult for bringing this to our attention. Version 3.1.4 also incorporates several other security fixes and hardening measures thanks to the work of WordPress developers Alexander Concha and Jon Cave of our security team. Consult the change log for more details.

Download WordPress 3.1.4 or update immediately from the Dashboard → Updates menu in your site’s admin area.

WordPress 3.2 Release Candidate 3

This release was about all that stood in the way of a final release of WordPress 3.2. So we’re also announcing the third release candidate for 3.2, which contains all of the fixes in 3.1.4; few minor RTL, JavaScript, and user interface fixes; and ensures graceful failures if 3.2 is run on PHP4. As a reminder, we’ve bumped our minimum requirements for version 3.2 to PHP 5.2.4 and MySQL 5.0.

To test WordPress 3.2, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip). At this stage, plugin authors should be doing final tests to ensure compatibility.

Bonus: For more on what to test and what to do if you find an issue, please read our Beta 1 post.

WordPress 3.1.2

WordPress 3.1.2 is now available and is a security release for all previous WordPress versions.

This release addresses a vulnerability that allowed Contributor-level users to improperly publish posts.

The issue was discovered by a member of our security team, WordPress developer Andrew Nacin, with Benjamin Balter.

We suggest you update to 3.1.2 promptly, especially if you allow users to register as contributors or if you have untrusted users. This release also fixes a few bugs that missed the boat for version 3.1.1.

Download 3.1.2 or update automatically from the Dashboard → Updates menu in your site’s admin area.