On June 27, 2012, WordPress 3.4.1 was released to the public. This is a maintenance and security update.
For version 3.4.1, the database version (db_version in wp_options) changed to 21115.
To download WordPress 3.4.1, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.
For step-by-step instructions on installing and updating WordPress:
If you are new to WordPress, we recommend that you begin with the following:
- New To WordPress – Where to Start
- First Steps With WordPress or Upgrading WordPress Extended
- WordPress Lessons
From the announcement post, this maintenance release addresses 18 bugs with version 3.4, including:
- Fixes an issue where a theme’s page templates were sometimes not detected.
- Addresses problems with some category permalink structures.
- Adds early support for uploading images on iOS 6 devices.
- Allows for a technique commonly used by plugins to detect a network-wide activation.
- Better compatibility with servers running certain versions of PHP (5.2.4, 5.4) or with uncommon setups (safe mode, open_basedir), which had caused warnings or in some cases prevented emails from being sent.
Additionally: Version 3.4.1 fixes a few security issues and contains some security hardening. These issues were discovered and fixed by the WordPress security team:
- Privilege Escalation/XSS. Critical. Administrators and editors in multisite were accidentally allowed to use unfiltered_html for 3.4.0.
- CSRF. Additional CSRF protection in the customizer.
- Information Disclosure: Disclosure of post contents to authors and contributors (such as private or draft posts).
- Hardening: Deprecate wp_explain_nonce(), which could reveal unnecessary information.
- Hardening: Require a child theme to be activated with its intended parent only.
A full log of the changes made for 3.4.1 can be found at https://core.trac.wordpress.org/changeset?reponame=&new=21153%40branches%2F3.4&old=21076%40trunk
List of Files Revised
wp-login.php wp-includes/post-template.php wp-includes/class-wp-customize-manager.php wp-includes/update.php wp-includes/class-phpmailer.php wp-includes/version.php wp-includes/js/customize-preview.dev.js wp-includes/js/customize-preview.js wp-includes/class-wp-theme.php wp-includes/theme.php wp-includes/functions.php wp-includes/l10n.php wp-includes/class.wp-scripts.php wp-includes/class-wp-xmlrpc-server.php wp-includes/rewrite.php wp-includes/canonical.php wp-includes/capabilities.php wp-includes/script-loader.php wp-includes/class-wp-editor.php readme.html wp-admin/includes/plugin.php wp-admin/includes/update.php wp-admin/includes/meta-boxes.php wp-admin/includes/update-core.php wp-admin/customize.php wp-admin/js/common.js wp-admin/js/common.dev.js wp-admin/js/customize-controls.js wp-admin/js/customize-controls.dev.js wp-admin/load-scripts.php wp-admin/css/wp-admin.dev.css wp-admin/css/wp-admin.css wp-admin/about.php wp-admin/themes.php