In the midst of preparing WordPress 3.4 as a stable public release, the WordPress team chose to put out a security update. WordPress 3.3.2 includes a handful of bugfixes for WordPress itself, but also includes security updates to three of the external libraries included with WordPress.

One of those external libraries is Plupload, which is used by WordPress to implement the current media uploader. Plupload is a library developed by the team behind TinyMCE, and supports uploads using HTML5, Silverlight, Flash and more so that it will work in almost any browser. In December, a security update was released for Plupload that stops cross-domain scripting in the Flash portion of the library. That update was included in the new version of WordPress.

The other two libraries are no longer used by WordPress out-of-the-box, but they remain packaged with the system for backwards-compatibility reasons.

Related posts:

  1. WordPress 3.0.5 Released – Security Update
  2. WordPress 3.0.2 Released – Mandatory Security Update
  3. WordPress MU 2.8.5 Released