On April 8, 2014, WordPress 3.8.2 was released to the public and WordPress 3.7.2 was released as a automatic security update for WordPress 3.7.1.
Installation/Update Information
To download WordPress 3.7.2, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.
For step-by-step instructions on installing and updating WordPress:
If you are new to WordPress, we recommend that you begin with the following:
- New To WordPress – Where to Start
- First Steps With WordPress or Upgrading WordPress Extended
- WordPress Lessons
Summary
From the announcement post, this maintenance release addresses 9 bugs with version 3.7 and 3.7.1. It also fixes some security issues:
- Potential authentication cookie forgery. CVE-2014-0166.
- Privilege escalation: prevent contributors from publishing posts. CVE-2014-0165.
- (Hardening) Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests.
- (Hardening) Fix a low-impact SQL injection by trusted users.
- (Hardening) Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files.
List of Files Revised
readme.html wp-admin/about.php wp-admin/includes/upgrade.php wp-admin/includes/class-wp-upgrader.php wp-admin/includes/update-core.php wp-admin/includes/update.php wp-admin/includes/post.php wp-admin/includes/class-wp-posts-list-table.php wp-includes/functions.php wp-includes/update.php wp-includes/js/plupload/plupload.silverlight.xap wp-includes/pluggable.php wp-includes/class-wp-xmlrpc-server.php wp-includes/bookmark.php wp-includes/option.php wp-includes/version.php wp-includes/cron.php