WordPress 3.4.1 was released today.
This maintenance release addresses 18 bugs with version 3.4, including:
- Fixes an issue where a theme’s page templates were sometimes not detected.
- Addresses problems with some category permalink structures.
- Better handling for plugins or themes loading JavaScript incorrectly.
- Adds early support for uploading images on iOS 6 devices.
- Allows for a technique commonly used by plugins to detect a network-wide activation.
- Better compatibility with servers running certain versions of PHP (5.2.4, 5.4) or with uncommon setups (safe mode, open_basedir), which had caused warnings or in some cases prevented emails from being sent.
Additionally: Version 3.4.1 fixes a few security issues and contains some security hardening. These issues were discovered and fixed by the WordPress security team:
- Privilege Escalation/XSS. Critical. Administrators and editors in multisite were accidentally allowed to use unfiltered_html for 3.4.0.
- CSRF. Additional CSRF protection in the customizer.
- Information Disclosure: Disclosure of post contents to authors and contributors (such as private or draft posts).
- Hardening: Deprecate wp_explain_nonce(), which could reveal unnecessary information.
- Hardening: Require a child theme to be activated with its intended parent only.
