Changes in 3.7 (http://codex.wordpress.org/Version_3.7):
* Background Updates
* Stronger Password Meter
* Improved Search
* Better Global Support
Changes in 3.7.1 (http://codex.wordpress.org/Version_3.7.1):
* Images with captions no longer appear broken in the visual editor.
* Allow some sites running on old or poorly configured servers to
continue to check for updates from WordPress.org.
* Avoid fatal errors with certain plugins that were incorrectly
calling some WordPress functions too early.
* Fix hierarchical sorting in get_pages(), exclusions in
wp_list_categories(), and in_category() when called with empty
values.
* Fix a warning that may occur in certain setups while performing
a search, and a few other notices.
ok ajacoutot@
- server-side request forgery vulnerability and remote port scanning
using pingbacks
(http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html)
- cross-site scripting via shortcodes and post content
- cross-site scripting vulnerability in the external library Plupload
ok merdely@
* Fixes an issue where a theme's page templates were sometimes not detected.
* Addresses problems with some category permalink structures.
* Better handling for plugins or themes loading JavaScript incorrectly.
* Adds early support for uploading images on iOS 6 devices.
* Allows for a technique commonly used by plugins to detect a
network-wide activation.
* Better compatibility with servers running certain versions of PHP
(5.2.4, 5.4) or with uncommon setups (safe mode, open_basedir), which
had caused warnings or in some cases prevented emails from being sent.
* Privilege Escalation/XSS. Critical. Administrators and editors in
multisite were accidentally allowed to use unfiltered_html for 3.4.0.
And others, tested on i386 and amd64.
Ok merdely@ (maintainer) aja@
