Archive for category Releases
WordPress 2.8.4: Security Release
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress.
WordPress 2.8.3 Security Release
Posted by Ryan Boren in Forms, Releases on August 3, 2009
Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. Several folks in the community dug deeper and discovered areas that were overlooked. With their help, the remaining issues are fixed in 2.8.3. Since this is a security release, upgrading is highly recommended. Download 2.8.3, or upgrade automatically from your admin.
WordPress 2.8.2
Posted by Ryan Boren in Forms, Releases on July 20, 2009
WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site. Download 2.8.2 or automatically upgrade from the Tools->Upgrade page of your blog’s admin.
WordPress 2.8.1
Posted by Ryan Boren in Forms, Releases on July 9, 2009
WordPress 2.8.1 fixes many bugs and tightens security for plugin administration pages. Core Security Technologies notified us that admin pages added by certain plugins could be viewed by unprivileged users, resulting in information being leaked. Not all plugins are vulnerable to this problem, but we advise upgrading to 2.8.1 to be safe.
What else is new since 2.8? Read through the highlights below, or view all changes since 2.8
- Certain themes were calling get_categories() in such a way that it would fail in 2.8. 2.8.1 works around this so these themes won’t have to change.
- Dashboard memory usage is reduced. Some people were running out of memory when loading the dashboard, resulting in an incomplete page.
- The automatic upgrade no longer accidentally deletes files when cleaning up from a failed upgrade.
- A problem where the rich text editor wasn’t being loaded due to compression issues has been worked around.
- Extra security has been put in place to better protect you from plugins that do not do explicit permission checks.
- Translation of role names fixed.
- wp_page_menu() defaults to sorting by the user specified menu order rather than the page title.
- Upload error messages are now correctly reported.
- Autosave error experienced by some IE users is fixed.
- Styling glitch in the plugin editor fixed.
- SSH2 filesystem requirements updated.
- Switched back to curl as the default transport.
- Updated the translation library to avoid a problem with mbstring.func_overload.
- Stricter inline style sanitization.
- Stricter menu security.
- Disabled code highlighting due to browser incompatibilities.
- RTL layout fixes.
WordPress 2.8.1 Release Candidate 1
Posted by Ryan Boren in Forms, Releases on July 7, 2009
2.8.1 is nigh. Release Candidate 1 is our last stop before the final release. Please download RC1, review the changes made since beta 2, and have a look at all of the tickets fixed in 2.8.1. Thanks for testing WordPress.
-
You are currently browsing the archives for the Releases category.
Restaurant Deals For UT Arlington Students
Technology News- Mark Zuckerberg Surprises Party Guests with New MarriageCome for a graduation celebration, stay for a wedding! […]
- 'jOBS' Movie to Film in Los Altos Garage Where Apple BeganHow's that for authenticity? […]
- RIP Aero Glass; Windows 8 Sticks a Fork in Familiar UIIn an attempt to make Windows 8 feel more crisp and clear, Microsoft has nuked the transparency, reflections, and glowing aspects of its Aero Glass interface. […]
- Sloppy Facebook IPO Predictions: Only 1.14% Get the Closing Price RightA number of pundits and predictors expected Facebook's IPO to shoot the company's stock price to the moon. Spoiler: It didn't. […]
- SpaceX Launch Scrubbed at the Last SecondComputers detect an engine problem on the Falcon 9 rocket, automatically shutting it down just seconds before liftoff and aborting a historic cargo run to the ISS. […]
- Blizzard Delays Real-World 'Diablo III' Auction House a WeekBlizzard has set a date for its real-money, Diablo III auction house to go live: May 29, about a week after originally scheduled. […]
- Why Does ZTE's Score M Have a Built-In Backdoor Hole?The Chinese handset maker's entry level Android smartphone can be taken over by anyone with a hard-coded password, and guess what—it's been published on the Internet. […]
- Everything Falling Into Place for SpaceX ISS Cargo RunThe weather looks good, SpaceX and NASA have resolved some technical issues, and the first privately funded mission to the International Space Station is a go for Saturday. […]
- ITC Bans Motorola Devices That Infringe on Microsoft PatentMicrosoft was handed a legal victory on Friday after the International Trade Commission (ITC) ordered an import ban on Android-based Motorola devices that infringe on a Microsoft-held patent. […]
- Facebook Barely Claws Past its IPO PriceFacebook's landmark initial public offering opened strongly - but belatedly - then fluttered back down to its IPO price, as other social media stocks sank as well. […]