What is new in the WordPress 3.5.2 Release

wordpress-update-150x150Yesterday June 21, 2013 WordPress 3.5.2 was released for public download. This updated is a minor maintenance update fixing 12 bugs in WordPress 3.5 and 3.5.1. It is mainly a security release and you should not wait too long to upgrade your blog. In fact the WordPress team “strongly encourage you to update your sites immediately”. The update includes 7 security fixes that you don’t want to miss.

Upgrading to WordPress 3.5.2

The upgrade procedure is very simple, but as always when upgrading a WordPress blog remember to do a full backup of both files and database, just to be sure. I have already upgraded this blog and had no issues in the process at all.


The 7 security fixes included:

  • Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
  • Disallow contributors from improperly publishing posts, reported by Konstantin Kovshenin, or reassigning the post’s authorship, reported by Luke Bryan.
  • An update to the SWFUpload external library to fix cross-site scripting vulnerabilities. Reported by mala and Szymon Gruszecki. (Developers: More on SWFUpload here.)
  • Prevention of a denial of service attack, affecting sites using password-protected posts.
  • An update to an external TinyMCE library to fix a cross-site scripting vulnerability. Reported by Wan Ikram.
  • Multiple fixes for cross-site scripting. Reported by Andrea Santese and Rodrigo.
  • Avoid disclosing a full file path when a upload fails. Reported by Jakub Galczyk.

WordPress website targeted by hackersWordpress maintenance

If you don’t think you should upgrade your WordPress blog now you might want to check out this article from BBC News. Wordpress blogs has been targeted by hackers and botnets big time so far in 2013 and personally I have seen more than 100 failed login attempts on my little blog for the last week. If your blog is up-to-date the hackers might go for someone’s blog that are not 😉

When are you going to upgrade to WordPress 3.5.2?

How about you? When are you going to upgrade your WordPress blog? Are you a first mover or are you waiting to see some feedback from other bloggers first?

About the author:
I am an IT Professional that has this blog as a hobby project in my spare time. I have been in the IT business since 1996 and want to share some of the thing I have picked up over the years, with people who visit this blog.

>>Subscribe to my Newsletter<<

11 Responses to What is new in the WordPress 3.5.2 Release

  1. Frank Cern says:

    WordPress blogs are a hacker’s favorite…one of mine actually got hacked last year.

    • Thomas says:

      Hi Frank
      It really is something that all WordPress blog owners should be taking very serious. There is a lot of hackers out there that would love to take down our blogs.

  2. bbrian017 says:

    Hi Thomas, it always amazes me how fast wordpress can spread the word about a new version. They have s much social media power it blows my mind. I did the update without issues and I always look forward to the new features added.

    • Thomas says:

      Hi Brian
      The word is spreading pretty fast on the Internet, but more than 50 million blogs are running WordPress, so there is a lot of people that care about it 🙂

  3. Rajesh Jhamb says:

    Hello Thomas,
    we have already updated wordpress 3.5.2 but I don’t know about benefits of this version. But After reading your article I got my answer.
    Thanks for this imformative post.

  4. For Security reasons I will upgrade my wordpress blog to version 3.5.2. Hoping it will make never lasting security shield for my blog.

  5. Unifi3d says:

    Nice article. I haven’t updated WP yet i’am still pretty new at this, so i will do this as soon as possible. Thanks for the interesting article

    • Thomas says:

      Hi Ralph
      You should upgrade Ralph, a lot of WordPress blogs are getting hacked every day. Remember to make a good backup before you start just in case something goes wrong.

Leave a Reply

Your email address will not be published. Required fields are marked *