WordPress officially released WordPress 3.3.2 today.
Here are the official WordPress 3.3.2 release notes:
Three external libraries included in WordPress received security updates:
- Plupload (version 1.5.4), which WordPress uses for uploading media.
- SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
- SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.
WordPress 3.3.2 also addresses:
- Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances.
- Cross-site scripting vulnerability when making URLs clickable.
- Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs.
A full log of the changes made for 3.3.2 can be found at http://core.trac.wordpress.org/changeset?new=20550%40branches%2F3.3&old=20087%40branches%2F3.3