WordPress 3.3.2 has been released and is available for download from WordPress.org. It is majorly a security release which fixes several bugs and security vulnerabilities (12 bug fixes to be exact). If you have already installed WordPress CMS, updating is quite simple and can be automated by the updater function provided by WordPress itself.
Let’s first look at some of the security fixes made in WordPress 3.3.2:
- Plupload (version 1.5.4), which WordPress uses for uploading media.
- SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
- SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.
WordPress 3.3.2 also addresses the following issues:
- Limited privilege escalation where a site administrator could deactivate network-wide plugins in a multisite network.
- Cross-site scripting vulnerability when making URLs clickable.
- Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs.
I have been following the blogsphere for issues in upgrading to WordPress 3.3.2. There have not been a lot of issues. Some issues that have been running around include the loss of attachments after upgrading or some plugins conflicting with the core update functionality. To be on the safer side, you should always take a complete backup of your site including the files and the database and then proceed with the upgrade. Be sure to update the plugins and themes first and then update WordPress core files.
A WordPress user has compiled a list of plugins that are working fine with the latest version of WordPress. You may see his list here. You can read more about WordPress 3.3.2 in the changelog. If you are having any issues with upgrading WordPress, please let us know through comments below so that we may be able to help.
Usman, the author of this article, is testing installation of new languages in Windows with the new version of Vistalizator for Windows 7 SP1.