Es viernes y el día de trabajo casi ha terminado aquí en la costa este de EE.UU., pero todavía estamos aquí actualizando todos nuestros sitios de WordPress mientras escribimos esto. El equipo de WordPress ha lanzado WordPress 3.5.2, actualización de mantenimiento y seguridad. En esta versión, el equipo de seguridad de WordPress ha resuelto siete problemas / conflictos / incidencias de seguridad y ha añadido refuerzos de seguridad adicionales. Le recomendamos encarecidamente que actualice sus sitios de WordPress de inmediato.
Las correcciones de seguridad en WordPress 3.5.2 incluyen:
- Bloqueo de ataques de falsificación de peticiones del lado del servidor, que podrían activar el acceso de un atacante a un sitio.
- Impedir que los colaboradores publiquen entradas indebidamente o reasignen la autoría de la entrada.
- Actualización de la biblioteca externa SWFUpload para corregir vulnerabilidades de scripting entre sitios.
- Prevención de un ataque de denegación de servicio que afecta a los sitios que utilizan entradas protegidas por contraseña.
- Actualización de una biblioteca externa de TinyMCE para corregir una vulnerabilidad de scripts entre sitios.
- Múltiples correcciones de secuencias de comandos en sitios cruzados.
- Se evita revelar la ruta completa de un archivo cuando falla una subida.
Actualización a WordPress 3.5.2. Vaya a su Escritorio ” Actualizaciones y hágalo con 1 clic.
Syed Balkhi says
Hey WPBeginner readers,
Did you know you can win exciting prizes by commenting on WPBeginner?
Every month, our top blog commenters will win HUGE rewards, including premium WordPress plugin licenses and cash prizes.
You can get more details about the contest from here.
Start sharing your thoughts below to stand a chance to win!
Adnan Fasih says
There are so many issues in 3.5.2 update. Admin panel is disappearing; I had to manually fix the wp-admin folder from FTP. This is disappointing first 3.5.2 contains multiple issues and now 3.6 is further delayed.
Gautam Thapar says
There seems to be some changes related to date format as well. First of all I noticed it in google webmaster tools which displayed error related to sitemap date. I use sitemap generated through WordPress SEO by Yoast.
Then I noticed it in my custom post type backend where the list of posts use to display in this format – ‘2013/06/17 Published’ but now after the update it is displaying in the format which I use for the frontend – ‘1 hour ago Published’.
Len Printz says
Hi guys! We updated to 3.5.2 and now our media library isn’t functioning properly…when trying to post an image to a page, we don’t see any of our images in the library and, also, our Nivo slider just chugs and we can’t manage that either!
Any ideas would be MOST appreciated!
Thanks so much!
Stark says
Good to know, thanks so much.
Claire says
Upgrade appears to have worked beautifully! Thanks much.
Joseph says
Fine for me! Everything worked just fine. I have two sites with different themes and both had no issues with the update.
Terence says
I am always grateful for all the work the guys do behind the scenes keeping my site safe. But this really was the worst experience I have had with an update in all the years I have worked with WordPress, and from what I can see in the WordPress forums I am not the only one.
In the end I had to disconnect my CDN and remove all my security and deactivate every plugin, only then would it install.
Be very VERY careful with 3.5.2 and as you should do anyway, be sure to take a complete backup (website and SQL), before trying to install this update.
Terence.
Editorial Staff says
That is rather strange Terence. Our WordPress 3.5.2 update worked just fine. We did have an issue where caching stopped, but that was due to an update of another plugin “WordPress SEO by Yoast”, but he was very quick to roll out another update with fixes.
Administrador
Terence says
Which just goes to show how no two sites are alike, except superficially.
The one problem I didn’t have a problem with ~ at least nothing to do with 3.5.2 ~ was Joost’s.
Terence says
Ooops! I take that back… WP SEO is now showing a red banner and claiming I have to remove `<meta name="description" content="” />` from my theme, and it then offers to fix it for me automagically, but although it offers, it doesn’t work.
Editorial Staff says
Well you shouldn’t have meta description tag in your theme if you are using WordPress SEO by Yoast.
Tony says
Thanks for letting me know.
Mary says
Thank you for this awesome rundown.
I do tend to “shake in the knees” whenever I update anything. Of course, I do it antway!!!
I have lost headers and footers. I hope it doesnt happen with a WP update.
Nonetheless, the WordPress team is truly amazing.
I really like your site alot. You cover so many important topics and you do it well!
Thank you! Mary
Editorial Staff says
Thank you for the very kind words Mary. We really appreciate your support.
Administrador
kurtis says
being new to wordpress and your site…. is there proper things I should before I update? I read BACKUP, deactivate all plugins and then update. Is the the correct thing to do? can you please steer me in the right direction… I am in the middle of building a huge ecommerce site with woocommerce and I don’t want to loose or affect anything I am currently working on. I have woodojo launchpad enable during this build
thank you! I love your blog!
would love to see more info on e commerce like SEO, builds etc just an idea for you
Editorial Staff says
Having a regular backup is necessary. We use a paid service VaultPress by Automattic to handle our real-time backup. We simply click on the one-click update and it works.
Administrador
Keith Davis says
Thanks guys
All sites now updated and looking good.
Love the WordPress one-click update.
iAn says
I am done updating with my membership sites but there is this strange activity happening – I keep on receiving spam registrations…i am using si captcha for security…i have disabled the registrations for the moment.
Anmol Makkar says
Does it changes, any edits I’ve made to themes and plugins in PHP editor?
Editorial Staff says
No
Administrador