This week, WordPress announced an update to its latest version – Oscar Peterson – to fix 13 bugs.
This is not unusual. Every time a major update is released, some sharp programmer finds a vulnerability and the WordPress company, Automattic, says, “oops, my bad,” and quickly patches it and releases it with the added “.1”.
It happens every time.
WordPress 3.6 Fixes
According to the press release, there were also three vulnerabilities found in ALL versions since forever, and WordPress 3.6 .1 will fix those too.
▪ Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem.
▪ Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij.
▪ Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention.
The Centers for Disease Control uses WordPress! That’s impressive.
So the bottom line is, update your WordPress installation now. And, if you haven’t updated to WordPress 3.6 yet, proceed straight to 3.6.1 after backing up your data and files.
No more creepy crawlers.
Update Kvetch
Now, I’m going to complain about my least favorite change to the WordPress 3.6 Dashboard. In 3.6, Manage Menu Locations is on its own page!
In previous versions, all the tools to manage Menus appeared on the same page. Now, the main step to making your menu work has a room of its own. Why?
This is no big deal with a built site, but when a new site being built by a new WordPress user, it could screw them out of time.
Last Tuesday at my Meetup, WordPress Workshop, I had a newbie who was in this exact predicament.
On the Menus page, I saw that she had everything set right. Her problem was that the tab, “Manage Locations” was very dim on her computer and she didn’t see it. With no idea she needed to click on Manage Locations to find the single dropdown list to assign her menu, this feature became a source of frustration, not delight.
They devoted a whole page to the singular task that is integral to menu control! What was Automattic thinking?
Hopefully, this flub will be corrected in the next version.
Til then, newbies beware. If you can’t make your menu appear, click on Manage Locations and assign it.
So far, that’s my biggest kvetch with WordPress 3.6 and 3.6.1.
My other beef is Automattic’s failure to give credit to the Oscar Peterson song used in the release video.
What do you think? How is WordPress 3.6 working for you? And do you have that song title?