WordPress.org

Ready to get started?Download WordPress

Codex

Attention Interested in functions, hooks, classes, or methods? Check out the new WordPress Code Reference!

Version 3.6.1

On September 11, 2013, WordPress 3.6.1 was released to the public. This is a maintenance and security update.

Installation/Update Information

To download WordPress 3.6.1, update automatically from the Dashboard > Updates menu in your site's admin area or visit http://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

From the announcement post, this maintenance release addresses 13 bugs with version 3.6.

Additionally: Version 3.6.1 fixes three security issues:

  • Remote Code Execution: Block unsafe PHP de-serialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem. CVE-2013-4338.
  • Link Injection / Open Redirect: Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention. CVE-2013-4339.
  • Privilege Escalation: Prevent a user with an Author role, using a specially crafted request, from being able to create a post "written by" another user. Reported by Anakorn Kyavatanakij. CVE-2013-4340.

Additional security hardening:

  • Updated security restrictions around file uploads to mitigate the potential for cross-site scripting. The extensions .swf and .exe are no longer allowed by default, and .htm and .html are only allowed if the user has the ability to use unfiltered HTML.

A full log of the changes made for 3.6.1 can be found at http://core.trac.wordpress.org/log/branches/3.6?stop_rev=24972&rev=25345.

List of Files Revised

readme.html
wp-admin/about.php
wp-admin/nav-menus.php
wp-admin/includes/post.php
wp-admin/includes/update-core.php
wp-admin/includes/template.php
wp-admin/network/upgrade.php
wp-admin/js/common.js
wp-includes/pluggable.php
wp-includes/comment-template.php
wp-includes/post-template.php
wp-includes/version.php
wp-includes/theme.php
wp-includes/functions.php
wp-includes/ms-functions.php
wp-includes/link-template.php
wp-includes/class-http.php
wp-includes/js/jquery/jquery.js
wp-includes/js/tinymce/plugins/wordpress/editor_plugin.js
wp-includes/js/tinymce/plugins/wordpress/editor_plugin_src.js
wp-includes/js/tinymce/wp-tinymce.js.gz
And see others WordPress Versions.