Automattic announced today that WordPress 3.5.2 is now available!

This maintenance and security release, which fixes 12 bugs, features:

  • Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
  • Disallowing contributors from improperly publishing posts or reassigning the post’s authorship.
  • An update to the SWFUpload external library to fix cross-site scripting vulnerabilities.
  • Preventing of a denial of service attack, affecting sites using password-protected posts.
  • An update to an external TinyMCE library to fix a cross-site scripting vulnerability.
  • Multiple fixes for cross-site scripting.
  • Avoid disclosing a full file path when a upload fails.

Download WordPress 3.5.2 or update now from the Dashboard → Updates menu in your site’s admin area.

Since it’s considered a security release for all previous versions and we strongly encourage you to update your sites immediately. Please contact us if you need any assistance with your upgrade.