WordPress 2.8.4 has been released. While most releases are important, this one is particularly important. It addresses a security vulnerability that was discovered yesterday. A very specially crafted URL could allow a malicious individual to bypass the security check that verifies that a user requested a password reset. It only affects the first account without a key in the database, which is usually the admin account. The owner of the account would receive an email with the new password, so the attacker wouldn’t gain access, unless they had access to the email associated with the account in question, but it’s still annoying.
WordPress 2.8.3 has been released. It addresses a couple of things missed when a privilege escalation issue was fixed in 2.8.1. Applying the upgrade was a simple matter of a precautionary backup of the database (always back up your database when doing an upgrade, just in case) and clicking the upgrade link in the administration panel.
WordPress 2.8.2 was released a couple of days ago. It resolves an XSS vulnerability. Comment author URLs were not fully sanitized so they could redirect you from the admin panel to somewhere else if a malicious commenter was persistent.
As usual, the upgrade was quick and painless and consisted of backing up the database and clicking the upgrade link.
WordPress 2.8.1 has been released. The changes include some bug fixes and tighter security for some of the administration pages for some plugins. There are a bunch of other changes, too, which you can read about on the WordPress Dev Blog.
Upgrading consisted of backing up the database for good luck and clicking the upgrade link in the admin panel.
WordPress 2.8 was released earlier today. Upgrading to it was a very painless process. Basically, back up the database, click the upgrade link in the control panel and follow the instructions. It took longer to back up the database than it did to do the actual upgrade.
WordPress 2.7 has been released with a complete overhaul of the admin interface and the addition of new features. From the reader’s perspective, however, things probably won’t look a whole lot different. One new feature I’ve wished for a few times in the past is to make a post “sticky” so that it’s always on the main page.
If you’re using Subversion to manage your updates, all you should need to do is run the following command:
And then hit the upgrade URL. Painless as usual!
Congratulations to the WordPress 2.7 team!