WordPress, like any good CMS, releases occasional security & bugfixes in addition to their major versions. Yesterday, WordPress & Drupal conducted a joint security release to patch an issue in PHP core that could have resulted in a denial of service attack on your site.
This is a really small patch, but if you are on 3.9.1 already you should definitely upgrade to 3.9.2 to patch the issue as soon as possible.
The problem lies in an exposure with PHP (the language that WordPress is mostly comprised of – WordPress code itself was not compromised). The issue lies in the possibility of executing a denial of service attack using PHP’s XML processing when processing widgets. It is an extremely unlikely issue, but WordPress prefers to be pre-emptive with security, so they released a patch specifically for this issue alone.
The really cool part of this bug is that this is the first time that two CMS developer teams have worked together to patch a bug in their respective systems. The issue was first reported to WordPress & Drupal by a member of the Salesforce.com Product Security Team and both CMS’s developed their patches side by side & released the fixes at the same time.
WP 4.0 Is Coming Soon!
In even better news, WordPress 4.0 is just around the corner. It is currently in beta3 and is slated to be released on August 27th. This update includes some really neat features including a MUCH improved plugin UI – it’s a huge improvement over the existing system. You can read more about the release here: https://wordpress.org/news/2014/07/wordpress-4-0-beta-1/