WordPress 3.1.3 brings security fixes and enhancements

Submitted by Bryan on

WordPress 3.1.3 was made available to the public yesterday. This release is not only a security update for all previous versions but also offers some new features.

WordPress 3.1.3 contains the following security fixes and enhancements:

  • Various security hardening.
  • Taxonomy query hardening.
  • Prevents sniffing out user names of non-authors by using canonical redirects.
  • Media security fixes.
  • Improved file upload security on hosts with dangerous security settings.
  • Cleans up old WordPress import files if the import does not finish.
  • Introduces “clickjacking” protection in modern browsers on admin and login pages.

For details, feel free to check out the change log. Download WordPress 3.1.3 or update automatically from the Dashboard → Updates menu in your site’s admin area.

You may also want to take a look at the original release announcement, which covers not only WordPress 3.1.3 but also the availability of WordPress 3.2 Beta 2. We'll talk more about WordPress 3.2 later.

Kentico Plants a Tree for Every Bug Found by Their Clients

Submitted by Kentico on

Nashua, New Hampshire, USA – Kentico Software (http://www.kentico.com), the Web content management system vendor, announced the re-launch of their Trees for Bugs initiative. Company employees will plant a tree for every software bug reported in each latest version of Kentico CMS for ASP.NET. The company also promises to fix all reported bugs within 7 days.

“I’m proud to say that although our product gets more complex, we are constantly eliminating the number of bugs in new versions. We have also been successful to keep our promise and comply with the 7 days bug fixing policy since its announcement back in 2009,” said Martin Hejtmanek, CTO at Kentico Software. “Our efforts became an indivisible part of Kentico's commitment to deliver a stable platform for managing websites, on-line stores and social networks.”

“Kentico has always been committed to provide high-quality user experience to our customers and partners. While we test our software extensively, it’s important to make sure that we encourage our customers to report any bugs they find. Based on the feedback on our initial program, which was only related to the 4.1 version of Kentico CMS, we decided to keep it for all upcoming CMS versions, starting with the current 5.5 R2 release,” said Petr Passinger, PR Manager at Kentico Software. “From now on, we will plant a tree for every bug found in each latest version of Kentico CMS.”

The Trees for Bugs initiative is explained in the following one-and-a-half-minute animated video: http://www.youtube.com/watch?v=BdMb5swSB2I


The current number of bugs, and therefore the number of trees that will be planted, can be seen at the re-designed Trees for Bugs website: http://trees.kentico.com.
 
The homepage of the Trees for Bugs website shows a graph that represents the distribution of bugs/trees between individual development teams. With almost 6,000 active customers in 84 countries, the website provides country standings in the “Bug-Finding” discipline.

Each planted tree is dedicated to the person who reported the bug and labeled with their name. The tree is also listed in the tree gallery and its location is marked on a map.

Drupal 6.17: The Drupal Super Fixer-Upper

Submitted by Bryan on

As much as I talk about Drupal here at CMS Report, I often don't talk about Drupal point releases that provide solely security and bug fixes and no new features. Every once in a while, though, there is a new version of Drupal 6 that has been especially polished by Drupal's developers. Drupal 6.17 is one of those releases which contain significant changes I think are worthy of a mention.

I'm probably most excited about the improvements made in Drupal 6 for better PHP 5.3 compatibility. A couple weeks ago I tried upgrading my server to PHP 5.3 and there were just too many annoying errors showing up in the Drupal 6 system logs. I'm hoping with Drupal 6.17, I have better luck this time around (currently running this Drupal 6 site with PHP 5.3).

With over 55 patches committed to improve Drupal 6, the following are the highlights of changes included in Drupal 6.17:

  • Improvements of session cookie handling
  • Better processing of big XML-RPC payload
  • Improved PostgreSQL compatibility
  • Better PHP 5.3 and PHP 4 compatibility (my fingers are crossed)
  • Improved Japanese support in search module
  • Better browser compatibility of CSS and JS aggregation
  • Improved logging for login failures
  • An incompatibility of Drupal 6.16's new lock subsystem with some contributed modules was also resolved

The latest version of Drupal may be downloaded from the project page at Drupal.org. Whether you're new to Drupal or currently maintaining a Drupal site, this latest release of Drupal is a clear indication that there is plenty of life and plenty of development taking place with the Drupal 6 release. Now what other Drupal 6 sites do I have that still need this upgrade to Drupal 6.17?

Drupal 6.5 and 5.11 released

Submitted by Bryan on

Drupal 6.5 and Drupal 5.11 were released yesterday. These new versions of Drupal are maintenance releases fixing problems reported using the bug tracking system, as well as critical security vulnerabilities. If you take a look at the release notes, you'll find that Drupal's core developers and security teams have been hard at work improving this open source content management system. With all the hard work done for you, it only makes sense to upgrade your Drupal site today (yes, we're running Drupal 6.5).

Details and download links can be found at Drupal.org.

Big Medium 2.0.3

Submitted by Bryan on

"Big Medium 2.0.3 is now ready for your downloading pleasure, featuring a tasty selection of changes and bug fixes. The update addresses a few lingering compatibility issues with Firefox 3, fixes a nasty bug that caused a small number of Big Medium sites to refuse to open in Internet Explorer, and several other issues."


Joomla 1.5.4 Released

Submitted by Bryan on

Joomla! 1.5.4 was released yesterday.

The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.4 [Naiki]. This is a normal maintenance release which includes a few low to moderate security issues, many bug fixes, and several very nice improvements. It has been a little over ten weeks since Joomla! 1.5.3 was released on April 24, 2008. The Development Working Group's goal is to continue to provide regular, frequent updates to the Joomla! community containing the latest bug fixes and minor enhancements.

Click here for details.
