Just when you think that the day was about to be over, we started seeing an update bar in our dashboard. Turns out that the WordPress has released WordPress 3.6.1, maintenance and security update. In this release, the WordPress security and maintenance team fixed three security issues, and 13 other bugs. We strongly recommend that you upgrade your WordPress sites right away.
The security fixes in WordPress 3.6.1 are:
- Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution.
- Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user.
- Fix insufficient input validation that could result in redirecting or leading a user to another website.
Additionally, they also adjusted security restrictions around file uploads to mitigate potential cross-site scripting.
Among the 13 bugs, they fixed the jQuery 1.10.2.min.map 404 error which was causing the text editor to unresponsive. It was also breaking the comments on sites that used Jetpack comments. We got tons of reports regarding that, so we’re glad that it is fixed.
We strongly encourage you to upgrade your WordPress sites right now. Also don’t forget to create a backup just in case.