Should you upgrade to WordPress 3.5.1?

Yes, but beware. Although upgrading is generally a wise thing to do, some plug-ins and some WordPress themes are not compatible with the latest release. It’s essential to check the release notes of all your plug-ins and your installed theme. Ask for advice if you are unsure.

Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. Changes include:

  • Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
  • Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
  • Networks: Suggest proper rewrite rules when creating a new network.
  • Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
  • Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail.
  • Suppress some warnings that could occur when a plugin misused the database or user APIs.

Additionally, a bug affecting Windows servers running IIS can prevent updating from 3.5 to 3.5.1. If you receive the error “Destination directory for file streaming does not exist or is not writable,” you will need to follow the steps outlined on the Codex.

WordPress 3.5.1 also addresses the following security issues:

  • A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team.
  • Two instances of cross-site scripting via shortcodes and post content.
  • A cross-site scripting vulnerability in the external library Plupload.