WordPress 3.1.2 has been released.

This release addresses a vulnerability that allowed Contributor-level users to improperly publish posts.

The issue was discovered by a member of our security team.

We suggest you update to 3.1.2 promptly, especially if you allow users to register as contributors or if you have untrusted users. This release also fixes a few bugs that missed the boat for version 3.1.1.

The official WordPress announcement

3.1.2 Codex Details

Change Details

A list of the modified files (between WordPress 3.1.1 and 3.1.2)

Download 3.1.2 (entire installation)

Download 3.1.2 (just the changed files between 3.1.1 and 3.1.2)

So, I’m finally beginning to get somewhere with version 2 of my YouTube Embed WordPress plugin. As a birthday treat to myself I bought Professional WordPress Plugin Development from Amazon.

Now, completion of my plugin is even less likely to be soon as this rather excellent book has just left me with a raft of further changes to make. Everything from coding standards to widget development is covered. I’m only a quarter way through and already there are sticky note bookmarks everywhere – each indicating something I need to look at.

It’s not just this plugin this will affect though, as I will then turn my intention towards all my other plugins as well – starting with my caching and feed plugins which will get major overhauls (as this book mentions methods of performing each with a lot less effort than I’m currently applying!).

Even their section on marketing your plugin has left me with ideas of changes I wish to make – first up, I’m going to see about renaming my existing plugins.

If you’re into WordPress development I can’t recommend this book highly enough.

Now, if you’ll excuse me… I have a lot of work to do¹

1. not helped by the fact that events in the last week have given me a great idea for a new plugin – my head is now full of that. Not that I’m going to say what it is [↩]

WordPress 3.1.1 has been released.

This maintenance and security release fixes almost thirty issues in 3.1, including:

• Some security hardening to media uploads
• Performance improvements
• Fixes for IIS6 support
• Fixes for taxonomy and PATHINFO (/index.php/) permalinks
• Fixes for various query and taxonomy edge cases that caused some plugin compatibility issues

Version 3.1.1 also addresses three security issues. The first hardens CSRF prevention in the media uploader. The second avoids a PHP crash in certain environments when handling devilishly devised links in comments, and the third addresses an XSS flaw.

The official WordPress announcement

Change Details

3.1.1 Codex Details

A list of the modified files (between WordPress 3.1 and 3.1.1)

Download 3.1.1 (entire installation)

Download 3.1.1 (just the changed files between 3.1 and 3.1.1)