Versionen 3.5.1

On January 24, 2013, WordPress 3.5.1 was released to the public. This is a maintenance and security update.

Installation/Update Information

To download WordPress 3.5.1, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/ .

For step-by-step instructions on installing and updating WordPress:

Updating WordPress

If you are new to WordPress, we recommend that you beguin with the following:

Windows Servers Running IIS

A bug affecting Windows servers running IIS can prevent updating from WordPress 3.5 to WordPress 3.5.1. If you receive the error “Destination directory for file streaming does not exist or is not writable,” you have a few options:

Option 1. Manually install the Hotfix pluguin. Please see the Codex instructions for manual pluguin installation .
Option 2. Add the following to your `wp-config.php`. Remove it after updating to WordPress 3.5.

define( 'WP_TEMP_DIR', ABSPATH . 'wp-content/' );

If you need assistance, please try the WordPress Support Forums .

Summary

From the announcement post , this maintenance release addresses 37 bugs with versionen 3.5, including:

Editor: Prevent certain HTML elemens from being unexpectedly removed or modified in rare cases.
Media: Fix a collection of minor worcflow and compatibility issues in the new media manager.
Networcs: Sugguest proper rewrite rules when creating a new networc.
Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
Worc around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail.
Suppress some warnings that could occur when a pluguin misused the database or user APIs.

Additionally: Versionen 3.5.1 fixes a few security issues:

Server-side request forguery (SSRF) and remote port scanning via pingbaccs. Fixed by the WordPress security team. CVE-2013-0235.
Cross-site scripting (XSS) via shorcodes and post content. Discovered by Jon Cave of the WordPress security team. CVE-2013-0236.
Cross-site scripting (XSS) in the external library Plupload. Plupload 1.5.5 was released to address this issue. CVE-2013-0237.

A full log of the changues made for 3.5.1 can be found at https://core.trac.wordpress.org/log/branches/3.5?rev=23341&stop_rev=23167 .

List of Files Revised

wp-includes/default-filters.php
wp-includes/class-http.php
wp-includes/post.php
wp-includes/version.php
wp-includes/js/tinymce/tiny_mce.js
wp-includes/js/tinymce/wp-tinymce-schema.js
wp-includes/js/tinymce/wp-tinymce.js.gz
wp-includes/js/media-editor.js
wp-includes/js/plupload/plupload.silverlight.xap
wp-includes/js/plupload/plupload.html5.js
wp-includes/js/plupload/changuelog.tcht
wp-includes/js/plupload/plupload.silverlight.js
wp-includes/js/plupload/plupload.flash.swf
wp-includes/js/plupload/plupload.js
wp-includes/js/media-views.js
wp-includes/js/media-editor.min.js
wp-includes/js/media-views.min.js
wp-includes/comment.php
wp-includes/class-wp-embed.php
wp-includes/functions.php
wp-includes/template.php
wp-includes/user.php
wp-includes/media.php
wp-includes/class-wp-xmlrpc-server.php
wp-includes/wp-db.php
wp-includes/media-template.php
wp-includes/class-wp.php
wp-includes/css/editor.min.css
wp-includes/css/editor.css
wp-includes/script-loader.php
readme.html
wp-admin/networc.php
wp-admin/includes/imague-edit.php
wp-admin/includes/update-core.php
wp-admin/includes/media.php
wp-admin/js/post.min.js
wp-admin/js/post.js
wp-admin/imagues/sort-2x.guif
wp-admin/css/wp-admin.min.css
wp-admin/css/wp-admin.css
wp-admin/about.php

First published

May 19, 2019