WordPress 3.5.1

on Friday, 25 January 2013
WordPress 3.5.1 is available. Version 3.5.1 is the first minor update to WordPress 3.5, it fixes bugs 37. It is also a security update applies to all previous versions of WordPress. To see the full list of changes, see the list of tickets and changelog. Among this list, here are some changes:

  • Publisher: Prevent certain HTML elements to be removed or changed unexpectedly in rare cases.
  • Media: Repairing a collection of minor problems and workflow compatibility in the new media manager.
  • Networks: Suggest rewriting rules clearer when creating a new network of sites.
  • Stop when the delayed publication of articles removing certain HTML elements, such as embedded videos when they are released.
  • Work around configurations that posed difficulties in some Javascript administration interface.
  • Deleting alerts that occurred when an extension was causing problems in the database to XML APIs or users.

A bug affecting Windows servers running IIS can prevent update WordPres 3.5 to 3.5.1. If you receive the message "The destination folder for the file stream does not exist or is not writable" ("Destination directory for file streaming does not exist or is not writable,"), you can try the following solutions:

  • Option 1: Install the Hotfix extension. Read the instructions on Codex for the manual installation of the extension.
  • Option 2: Add the following line to your "wp-config.php". Remove it after the update.

define ('WP_TEMP_DIR' ABSPATH. 'wp-content /'); 

WordPress 3.5.1 also brings few fixes security vulnerabilities:

  • A flaw SSRF and another involving the XML-RPC could potentially be used to display information and compromise a site. They affect all other versions of WordPress. These faults are corrected by the security team of WordPress. Moreover, thank you Gennady Kovshenin and Ryan Dewhurst for discovering these flaws.
  • Two XSS vulnerabilities were corrected in the shortcodes and types of content articles. These were discovered by Jon Cave of WordPress security team.
  • Another XSS vulnerability has been corrected in the external library Plupload. Thank you to the team for their collaboration Moxiecode for publishing Plupload 1.5.5 back.
Download 3.5.1 or visit your Dashboard → Update in your Administration to update now.