Title: Version 3.5.1
Published: May 19, 2019

---

# Version 3.5.1

## In this article

 * [Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-3-5-1/?output_format=md#installation-update-information)
 * [Windows Servers Running IIS](https://wordpress.org/documentation/wordpress-version/version-3-5-1/?output_format=md#windows-servers-running-iis)
 * [Summary](https://wordpress.org/documentation/wordpress-version/version-3-5-1/?output_format=md#summary)
 * [List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-3-5-1/?output_format=md#list-of-files-revised)

[ Back to top](https://wordpress.org/documentation/wordpress-version/version-3-5-1/?output_format=md#wp--skip-link--target)

On January 24, 2013, WordPress 3.5.1 was released to the public. This is a maintenance
and security update.

## 󠀁[Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-3-5-1/?output_format=md#installation-update-information)󠁿

To download WordPress 3.5.1, update automatically from the Dashboard > Updates menu
in your site’s admin area or visit [https://wordpress.org/download/release-archive/](https://wordpress.org/download/release-archive/).

For step-by-step instructions on installing and updating WordPress:

 * [Updating WordPress](https://wordpress.org/documentation/article/updating-wordpress/)

If you are new to WordPress, we recommend that you begin with the following:

 * [New To WordPress – Where to Start](https://wordpress.org/documentation/article/new_to_wordpress_-_where_to_start/)
 * [First Steps With WordPress](https://wordpress.org/documentation/article/first-steps-with-wordpress/)
   or [Upgrading WordPress Extended](https://wordpress.org/documentation/article/upgrading-wordpress-extended-instructions/)
 * [WordPress Lessons](https://wordpress.org/documentation/article/wordpress-lessons/)

## 󠀁[Windows Servers Running IIS](https://wordpress.org/documentation/wordpress-version/version-3-5-1/?output_format=md#windows-servers-running-iis)󠁿

A bug affecting Windows servers running IIS can prevent updating from WordPress 
3.5 to WordPress 3.5.1. If you receive the error “Destination directory for file
streaming does not exist or is not writable,” you have a few options:

 * **Option 1.** Manually install the [Hotfix](https://wordpress.org/extend/plugins/hotfix/)
   plugin. Please see [the Codex instructions for manual plugin installation](https://codex.wordpress.org/Managing_Plugins#Manual_Plugin_Installation).
 * **Option 2.** Add the following to your `wp-config.php`. Remove it after updating
   to WordPress 3.5.

    ```wp-block-preformatted
    define( 'WP_TEMP_DIR', ABSPATH . 'wp-content/' );
    ```

If you need assistance, please try the [WordPress Support Forums](https://wordpress.org/support/).

## 󠀁[Summary](https://wordpress.org/documentation/wordpress-version/version-3-5-1/?output_format=md#summary)󠁿

From the [announcement post](https://wordpress.org/news/2013/01/wordpress-3-5-1/),
this maintenance release addresses 37 bugs with version 3.5, including:

 * Editor: Prevent certain HTML elements from being unexpectedly removed or modified
   in rare cases.
 * Media: Fix a collection of minor workflow and compatibility issues in the new
   media manager.
 * Networks: Suggest proper rewrite rules when creating a new network.
 * Prevent scheduled posts from being stripped of certain HTML, such as video embeds,
   when they are published.
 * Work around some misconfigurations that may have caused some JavaScript in the
   WordPress admin area to fail.
 * Suppress some warnings that could occur when a plugin misused the database or
   user APIs.

Additionally: Version 3.5.1 fixes a few security issues:

 * Server-side request forgery (SSRF) and remote port scanning via pingbacks. Fixed
   by the WordPress security team. CVE-2013-0235.
 * Cross-site scripting (XSS) via shortcodes and post content. Discovered by Jon
   Cave of the WordPress security team. CVE-2013-0236.
 * Cross-site scripting (XSS) in the external library Plupload. Plupload 1.5.5 was
   released to address this issue. CVE-2013-0237.

A full log of the changes made for 3.5.1 can be found at [https://core.trac.wordpress.org/log/branches/3.5?rev=23341&stop_rev=23167](https://core.trac.wordpress.org/log/branches/3.5?rev=23341&stop_rev=23167).

## 󠀁[List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-3-5-1/?output_format=md#list-of-files-revised)󠁿

    ```wp-block-preformatted
    wp-includes/default-filters.php
    wp-includes/class-http.php
    wp-includes/post.php
    wp-includes/version.php
    wp-includes/js/tinymce/tiny_mce.js
    wp-includes/js/tinymce/wp-tinymce-schema.js
    wp-includes/js/tinymce/wp-tinymce.js.gz
    wp-includes/js/media-editor.js
    wp-includes/js/plupload/plupload.silverlight.xap
    wp-includes/js/plupload/plupload.html5.js
    wp-includes/js/plupload/changelog.txt
    wp-includes/js/plupload/plupload.silverlight.js
    wp-includes/js/plupload/plupload.flash.swf
    wp-includes/js/plupload/plupload.js
    wp-includes/js/media-views.js
    wp-includes/js/media-editor.min.js
    wp-includes/js/media-views.min.js
    wp-includes/comment.php
    wp-includes/class-wp-embed.php
    wp-includes/functions.php
    wp-includes/template.php
    wp-includes/user.php
    wp-includes/media.php
    wp-includes/class-wp-xmlrpc-server.php
    wp-includes/wp-db.php
    wp-includes/media-template.php
    wp-includes/class-wp.php
    wp-includes/css/editor.min.css
    wp-includes/css/editor.css
    wp-includes/script-loader.php
    readme.html
    wp-admin/network.php
    wp-admin/includes/image-edit.php
    wp-admin/includes/update-core.php
    wp-admin/includes/media.php
    wp-admin/js/post.min.js
    wp-admin/js/post.js
    wp-admin/images/sort-2x.gif
    wp-admin/css/wp-admin.min.css
    wp-admin/css/wp-admin.css
    wp-admin/about.php
    ```

First published

May 19, 2019

Last updated