http://codex.wordpress.org/Version_3.6.1
Türkçeside yakında gelecektir...
Alıntı
Changelog
Additionally: Version 3.6.1 fixes three security issues:
Remote Code Execution: Block unsafe PHP de-serialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem. CVE pending.
Privilege Escalation: Prevent a user with an Author role, using a specially crafted request, from being able to create a post "written by" another user. Reported by Anakorn Kyavatanakij. CVE pending.
Link Injection / Open Redirect: Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention. CVE pending.
Additional security hardening:
Updated security restrictions around file uploads to mitigate the potential for cross-site scripting. The extensions .swf and .exe are no longer allowed by default, and .htm and .html are only allowed if the user has the ability to use unfiltered HTML.
A full log of the changes made for 3.6.1 can be found at http://core.trac.wordpress.org/log/b...4972&rev=25345.
Additionally: Version 3.6.1 fixes three security issues:
Remote Code Execution: Block unsafe PHP de-serialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem. CVE pending.
Privilege Escalation: Prevent a user with an Author role, using a specially crafted request, from being able to create a post "written by" another user. Reported by Anakorn Kyavatanakij. CVE pending.
Link Injection / Open Redirect: Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention. CVE pending.
Additional security hardening:
Updated security restrictions around file uploads to mitigate the potential for cross-site scripting. The extensions .swf and .exe are no longer allowed by default, and .htm and .html are only allowed if the user has the ability to use unfiltered HTML.
A full log of the changes made for 3.6.1 can be found at http://core.trac.wordpress.org/log/b...4972&rev=25345.
