Automattic released WordPress 3.6.1 last night – it’s a security release for all previous WordPress versions.

According to their blog post, it addresses three issues fixed by the WordPress security team:

  • Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution.
  • Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user.
  • Fix insufficient input validation that could result in redirecting or leading a user to another website.

Additionally, they’ve adjusted security restrictions around file uploads to mitigate the potential for cross-site scripting.

You can read the release notes or see the list of changes.

Download WordPress 3.6.1 or update now from the Dashboard → Updates menu in your site’s admin area.

Since it’s a security release, they (and ContentRobot) is encouraging everyone to update their sites immediately. Need help? Just ask.