WordPress 3.4.1 is Released
On June 27, 2012, WordPress 3.4.1 was released to the public. WordPress 3.4.1 is a maintenance and security update which addresses 18 bugs with version 3.4. It fixes a few important security issues and contains some security hardening. These issues were discovered and fixed by the WordPress security team. Update WordPress to the latest 3.4.1 asap. Read further about the changes and find out how to upgrade WordPress to the latest version automatically.
Changes in WordPress 3.4.1
- Fixes an issue where a theme’s page templates were sometimes not detected.
- Addresses problems with some category permalink structures.
- Adds early support for uploading images on iOS 6 devices.
- Allows for a technique commonly used by plugins to detect a network-wide activation.
- Better compatibility with servers running certain versions of PHP (5.2.4, 5.4) or with uncommon setups (safe mode, open_basedir), which had caused warnings or in some cases prevented emails from being sent.
- Privilege Escalation/XSS. Critical. Administrators and editors in multisite were accidentally allowed to use unfiltered_html for 3.4.0.
- CSRF. Additional CSRF protection in the customizer.
- Information Disclosure: Disclosure of post contents to authors and contributors (such as private or draft posts).
- Deprecated wp_explain_nonce(), which could reveal unnecessary information.
List of Files Revised
To download WordPress 3.4.1, update automatically from the Dashboard > Updates menu in your site’s admin area. You can also use WordPress Automatic Upgrade to automatically upgrade WordPress to the latest version.