On June 27, 2012, WordPress 3.4.1 was released to the public. This is a maintenance and security update.

For version 3.4.1, the database version (db_version in wp_options) changed to 21115.

To download WordPress 3.4.1, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Top ↑

From the announcement post, this maintenance release addresses 18 bugs with version 3.4, including:

Fixes an issue where a theme’s page templates were sometimes not detected.

Addresses problems with some category permalink structures.

Better handling for plugins or themes loading JavaScript incorrectly.

Adds early support for uploading images on iOS 6 devices.

Allows for a technique commonly used by plugins to detect a network-wide activation.

Better compatibility with servers running certain versions of PHP (5.2.4, 5.4) or with uncommon setups (safe mode, open_basedir), which had caused warnings or in some cases prevented emails from being sent.

Additionally: Version 3.4.1 fixes a few security issues and contains some security hardening. These issues were discovered and fixed by the WordPress security team:

Privilege Escalation/XSS. Critical. Administrators and editors in multisite were accidentally allowed to use unfiltered_html for 3.4.0.

CSRF. Additional CSRF protection in the customizer.

Information Disclosure: Disclosure of post contents to authors and contributors (such as private or draft posts).

Hardening: Deprecate wp_explain_nonce(), which could reveal unnecessary information.

Hardening: Require a child theme to be activated with its intended parent only.

A full log of the changes made for 3.4.1 can be found at https://core.trac.wordpress.org/changeset?reponame=&new=21153%40branches%2F3.4&old=21076%40trunk

Top ↑

List of Files Revised # List of Files Revised

wp-login.php wp-includes/post-template.php wp-includes/class-wp-customize-manager.php wp-includes/update.php wp-includes/class-phpmailer.php wp-includes/version.php wp-includes/js/customize-preview.dev.js wp-includes/js/customize-preview.js wp-includes/class-wp-theme.php wp-includes/theme.php wp-includes/functions.php wp-includes/l10n.php wp-includes/class.wp-scripts.php wp-includes/class-wp-xmlrpc-server.php wp-includes/rewrite.php wp-includes/canonical.php wp-includes/capabilities.php wp-includes/script-loader.php wp-includes/class-wp-editor.php readme.html wp-admin/includes/plugin.php wp-admin/includes/update.php wp-admin/includes/meta-boxes.php wp-admin/includes/update-core.php wp-admin/customize.php wp-admin/js/common.js wp-admin/js/common.dev.js wp-admin/js/customize-controls.js wp-admin/js/customize-controls.dev.js wp-admin/load-scripts.php wp-admin/css/wp-admin.dev.css wp-admin/css/wp-admin.css wp-admin/about.php wp-admin/themes.php