Path to this page:
Subject: CVS commit: [pkgsrc-2012Q2] pkgsrc/www/wordpress
From: Matthias Scheler
Date: 2012-09-09 18:32:55
Message id: 20120909163255.A982E175DD@cvs.netbsd.org
Log Message:
Pullup ticket #3918 - requested by morr
www/wordpress: security update
Revisions pulled up:
- www/wordpress/Makefile 1.27
- www/wordpress/distinfo 1.22
---
Module Name: pkgsrc
Committed By: morr
Date: Sun Sep 9 06:56:10 UTC 2012
Modified Files:
pkgsrc/www/wordpress: Makefile distinfo
Log Message:
Update to Wordpress 3.4.2.
Changes:
* Fixes some issues in the admin area where some older browsers (IE7, in
particular) may slow down, lag, or freeze.
* Fixes an issue where a theme may not preview correctly, or its screenshot may
not be displayed.
* Fixes the use of multiple trackback URLs in a post.
* Prevents improperly sized images from being uploaded as headers from the
customizer.
* Ensures proper error messages can be shown to PHP4 installs. (WordPress
requires PHP 5.2.4 or later.)
* Fixes handling of oEmbed providers that only return XML responses.
* Addresses pagination problems with some category permalink structures.
* Adds more fields to be returned from the XML-RPC wp.getPost method.
* Avoids errors when updating automatically from very old versions of WordPress
(pre-3.0).
* Fixes problems with the visual editor when working with captions.
Additionally: Version 3.4.2 fixes a few security issues and contains some
security hardening. These issues were discovered and addressed by the WordPress
security team:
* Fix unfiltered HTML capabilities in multisite.
* Fix possible privilege escalation in the Atom Publishing Protocol endpoint.
* Allow operations on network plugins only through the network admin.
* Hardening: Simplify error messages when uploads fail.
* Hardening: Validate a parameter passed to wp_get_object_terms().
Files: