Version 3.4.1

On June 27, 2012, WordPress 3.4.1 was released to the public. This is a maintenance and security update.

For version 3.4.1, the database version (db_version in wp_options) changed to 21115.

Installation/Update Information

To download WordPress 3.4.1, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

From the announcement post, this maintenance release addresses 18 bugs with version 3.4, including:

  • Fixes an issue where a theme’s page templates were sometimes not detected.
  • Addresses problems with some category permalink structures.
  • Better handling for plugins or themes loading JavaScript incorrectly.
  • Adds early support for uploading images on iOS 6 devices.
  • Allows for a technique commonly used by plugins to detect a network-wide activation.
  • Better compatibility with servers running certain versions of PHP (5.2.4, 5.4) or with uncommon setups (safe mode, open_basedir), which had caused warnings or in some cases prevented emails from being sent.

Additionally: Version 3.4.1 fixes a few security issues and contains some security hardening. These issues were discovered and fixed by the WordPress security team:

  • Privilege Escalation/XSS. Critical. Administrators and editors in multisite were accidentally allowed to use unfiltered_html for 3.4.0.
  • CSRF. Additional CSRF protection in the customizer.
  • Information Disclosure: Disclosure of post contents to authors and contributors (such as private or draft posts).
  • Hardening: Deprecate wp_explain_nonce(), which could reveal unnecessary information.
  • Hardening: Require a child theme to be activated with its intended parent only.

A full log of the changes made for 3.4.1 can be found at https://core.trac.wordpress.org/changeset?reponame=&new=21153%40branches%2F3.4&old=21076%40trunk

List of Files Revised

wp-login.php
wp-includes/post-template.php
wp-includes/class-wp-customize-manager.php
wp-includes/update.php
wp-includes/class-phpmailer.php
wp-includes/version.php
wp-includes/js/customize-preview.dev.js
wp-includes/js/customize-preview.js
wp-includes/class-wp-theme.php
wp-includes/theme.php
wp-includes/functions.php
wp-includes/l10n.php
wp-includes/class.wp-scripts.php
wp-includes/class-wp-xmlrpc-server.php
wp-includes/rewrite.php
wp-includes/canonical.php
wp-includes/capabilities.php
wp-includes/script-loader.php
wp-includes/class-wp-editor.php
readme.html
wp-admin/includes/plugin.php
wp-admin/includes/update.php
wp-admin/includes/meta-boxes.php
wp-admin/includes/update-core.php
wp-admin/customize.php
wp-admin/js/common.js
wp-admin/js/common.dev.js
wp-admin/js/customize-controls.js
wp-admin/js/customize-controls.dev.js
wp-admin/load-scripts.php
wp-admin/css/wp-admin.dev.css
wp-admin/css/wp-admin.css
wp-admin/about.php
wp-admin/themes.php

First published

Last updated