WordPress 2.6.5 has been released. It fixes an XSS security problem concerning blogs running on Apache 2.x using IP-based virtual servers and there are three small non-critical bug fixes. You can download the fix or use Subversion to pull them down thus:

   1: svn sw http://svn.automattic.com/wordpress/tags/2.6.5/

As usual, it took me longer to log onto my server than actually do the upgrade itself.

If you pay attention to things like version numbers, you’ll note that the numbers skipped from 2.6.3 to 2.6.5.  That’s because there is a rogue version floating around calling itself 2.6.4.  If you’re tempted to install it, DON’T!!!  It’s not a real release.  There will never be a WordPress 2.6.4.

A minor security fix for WordPress was released yesterday.  Basically, there is a low-risk vulnerability in the Snoopy library that is used to display the RSS feeds in the Dashboard.  You can download the fix, grab the files manually (wp-includes/class-snoopy.php and wp-includes/version.php) or use Subversion to pull them down thus:

   1: svn sw http://svn.automattic.com/wordpress/tags/2.6.3/

It took me longer to log onto my server than actually do the upgrade itself.

A few months ago, I wrote about looking forward to WordCamp Toronto 2008.  I ended the entry with the following:

Hopefully, my schedule won’t change between now and then. 🙂

Well, it appears I was tempting Fate.

(more…)

WordPress 2.6.2 has been released.  It addresses a couple of issues related to SQL Column Truncation and the mt_rand() function, along with some bug fixes.  Using subversion, the upgrade consisted of switching to the root directory of my WordPress installation and entering the following command:

svn sw http://svn.automattic.com/wordpress/tags/2.6.2/

As always, I hit the upgrade URL after this, but it said the magic button didn’t need to be poked.

WordPress 2.6.1 is out.  It fixes the inevitable .0 bugs that new releases have.

As always, upgrading via Subversion was painless:

svn sw http://svn.automattic.com/wordpress/tags/2.6.1/

Followed by hitting the upgrade URL and poking the magic button.

I just happened to be looking through my blog’s logs and noticed that a ‘bot had crawled through numerous pages on my blog in a very short period of time:

72.3.137.83 - - [13/Aug/2008:06:01:45 +0100] "GET /2008/02/01/ HTTP/1.0" 200 35253 "-" "ISC Systems iRc Search 2.1"

72.3.137.83 - - [13/Aug/2008:06:01:49 +0100] "GET /2008/02/05 HTTP/1.0" 301 84 "-" "ISC Systems iRc Search 2.1"

72.3.137.83 - - [13/Aug/2008:06:01:52 +0100] "GET /2008/02/05/ HTTP/1.0" 200 35375 "-" "ISC Systems iRc Search 2.1"

72.3.137.83 - - [13/Aug/2008:06:01:56 +0100] "GET /2008/02/06 HTTP/1.0" 301 84 "-" "ISC Systems iRc Search 2.1"

72.3.137.83 - - [13/Aug/2008:06:01:59 +0100] "GET /2008/02/06/ HTTP/1.0" 200 33373 "-" "ISC Systems iRc Search 2.1"

The “ISC Systems iRc Search 2.1” user agent caught my interest, so I did a little research with Google.  As I suspected, it seems that this user agent is associated with a web crawler used by an address harvester used by spammers.  I use the AntiLeech plugin to battle content thieves and the like, so I added the user agent to its blacklist.

But how to tell if AntiLeech is actually working?

(more…)

WordPress 2.6 was released a few minutes ago, so of course I’ve upgraded already.  Since I use subversion to maintain my blog, the upgrade process basically consisted of making a backup (it’s always a good idea to make a backup) and then running the following command from the root of my WordPress installation:

svn sw http://svn.automattic.com/wordpress/tags/2.6/

I also upgraded a couple of plugins, including Akismet.

In the roughly 90 seconds it took to do all of this, some comment spammer tried to post some spam to my blog.  Fortunately, I had comments set to require me to approve the first comment, so it went into the queue to be reviewed.  When I re-enabled Akismet and poked the “check for spam” button it flagged it automatically.

There are a lot of features in it that make it worth upgrading, including some security updates, including better SSL support.  There’s also the addition of a post revisioning feature that will make it easier to track changes to blog entries, something that will be of particular interest to blogs with more than one author.

There’s even a video tour of WordPress 2.6 showing off the new features:

Congratulations to the WordPress 2.6 team!