WordPress 3.0.2 Available

WordPress 3.0.2 is now available as a mandatory security release. More from the WordPress blog:

WordPress 3.0.2 is available and is a mandatory security update for all previous WordPress versions. Haiku has become traditional:

Fixed on day zero
One-click update makes you safe
This used to be hard

This maintenance release fixes a moderate security issue that could allow a malicious Author-level user to gain further access to the site, addresses a handful of bugs, and provides some additional security enhancements. Big thanks to Vladimir Kolesnikov for detailed and responsible disclosure of the security issue!

Download 3.0.2 or update automatically from the Dashboard > Updates menu in your site’s admin area. You should update immediately even if you do not have untrusted users.

Found any bugs yet?

Well, the November bug hunt has finally kicked off and if you were thinking of taking part then there’s not much time left. Unfortunately I just don’t have the bandwidth to take part; the twins have really sucked away any free time I had and I have a huge pile of things on my to-do list.

I am looking forward to the new version of WordPress (2.9) being released soon, and thanks to the one-click upgrade it should be relatively easy to roll it out to my blogs. No more uploading or looking for disk mounts. Just one click and away we go.

Go find some bugs

WordPress v2.8.4

Hot on the heels of the latest version of WordPress comes a new version with another security hole fixed. This wasn’t a major one, just an annoyance that lets a malicious user keep resetting a particular user’s password. It wouldn’t let them get into the blog, but it could be used to keep harassing a user (Now if someone chases you to sell low-cost term life insurance and they have a WordPress blog, you know how to annoy them).

Anyway, the new release blocks the hole and helps WordPress be a little bit more secure than before, so go ahead and download it.

WordPress v2.8.2

There’s been another minor drop of WordPress, version 2.8.2, released just a few days after 2.8.1. It doesn’t look like much has changed but there’s one important change under the hood.

Apparently v2.8.1 had a cross-site scripting issue that allowed rogue plugins to potentially redirect an admin user to a different website. This could be an issue, though I personally don’t know if anyone would fall for that without noticing. I mean, if you had a website that sold pond supplies and you suddenly found yourself on a Russian site, you’d sorta know that something wasn’t kosher.
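The hole described here is a redirect whose target a plugin could influence. The Python below is an added example written for this post, not WordPress code (WordPress ships its own wp_safe_redirect() for exactly this job), showing the check a defender applies to a Location value before issuing the redirect; the site hostnames and the fallback page are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed values for this example: the site's own hostnames and the page
# to fall back to when a redirect target cannot be trusted.
ALLOWED_HOSTS = {"blog.example", "www.blog.example"}
FALLBACK_URL = "https://blog.example/wp-admin/"


def safe_redirect_target(location: str, allowed_hosts=ALLOWED_HOSTS,
                         fallback: str = FALLBACK_URL) -> str:
    """Return `location` if it stays on the site itself, otherwise `fallback`.

    Accepts same-site relative paths and absolute http(s) URLs whose host is
    on the allow list. Everything else, including protocol-relative "//host"
    forms, non-http schemes and userinfo tricks such as "https://site@other",
    is replaced by the fallback, so a plugin-controlled Location value cannot
    send an administrator off-site.
    """
    loc = location.strip()
    if not loc or any(ord(ch) < 0x20 for ch in loc):
        return fallback
    # Browsers treat backslashes like slashes in URLs; normalise first so the
    # parser sees the same host the browser would.
    loc = loc.replace("\\", "/")
    parts = urlsplit(loc)
    if parts.scheme:
        if parts.scheme.lower() not in ("http", "https"):
            return fallback
        if not parts.netloc:
            # "http:other.example" without slashes is ambiguous across
            # browsers; refuse rather than guess.
            return fallback
    if parts.netloc:
        # Absolute or protocol-relative URL: only the site's own hosts pass.
        host = (parts.hostname or "").lower()
        if host not in allowed_hosts:
            return fallback
        return loc
    # No authority component: a path relative to the site, which stays on-site.
    return loc


if __name__ == "__main__":
    # Constructed sample Location values, as a plugin might hand them over.
    for candidate in ("/wp-admin/plugins.php", "https://blog.example/wp-admin/",
                      "//evil.example/", "https://blog.example@evil.example/",
                      "javascript:alert(1)"):
        print(f"{candidate!r:45} -> {safe_redirect_target(candidate)}")
```

The allow list is the important part: comparing `parts.hostname` rather than the raw string is what defeats the userinfo and backslash variants, and falling back to a known admin page (instead of refusing the request outright) keeps the user experience intact while removing the off-site hop.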

It’s not a major release, but head down and download WordPress 2.8.2.

WordPress 2.8 Beta 1

I’ve just installed WordPress v2.8 Beta 1 on this blog to see what the new release is going to look like. I haven’t had time to explore the changes yet, the UI looks pretty similar to 2.7, and I haven’t really caught up on the release notes. I’m hoping that there are some nice finishing touches, a bit like adding some Kohler fixtures to your perfect kitchen.

So, if you’re looking to play with the latest version, just go ahead and download it, and raise a ticket if you have any issues. In the meantime, I’m off to look for the new features... wish me luck!

WordPress 2.8 knocking at the door

[Photo: Påskemorgen 2009 - IMG_1235-2]

I’ve just read on the WordPress blog that the dev team is going into a 24-hour patch marathon, just as the set of features on WordPress 2.8 has been frozen. This is an important period where patches that have been submitted get tested, verified and incorporated into the final build. The great thing about this is that the dev team is doing a marathon run, trying to get things in order in a 24-hour window.

It can be an exciting time getting things into release gear, as you get all your ducks lined up in a row. I’ve been in that situation a few times, and it’s particularly exciting when you’re standing in a server room, with a rackmount monitor open in front of you, while you put together the finishing touches on something that a client is just waiting for. It’s a multi-factor rush caused by the fact that you have a deadline and need to get something delivered, while at the same time you know that you need to make sure things are done properly; the last thing you need is to go live and make a mess of things.

Anyway, I’m looking forward to seeing WordPress 2.8 running on my blogs. It’s always great to get a new release, isn’t it?

WordPress 2.6.2 released

There’s been a new drop of WordPress which addresses some security issues and a couple of bugs. Here’s the write-up from the development blog:

Stefan Esser recently warned developers of the dangers of SQL Column Truncation and the weakness of mt_rand(). With his help we worked around these problems and are now releasing WordPress 2.6.2. If you allow open registration on your blog, you should definitely upgrade. With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password. Stefan Esser will release details of the complete attack shortly. The attack is difficult to accomplish, but its mere possibility means we recommend upgrading to 2.6.2.

Other PHP apps are susceptible to this class of attack. To protect all of your apps, grab the latest version of Suhosin. If you’ve already updated Suhosin, your existing WordPress install is already protected from the full exploit. You should still upgrade to 2.6.2 if you allow open user registration so as to prevent the possibility of passwords being randomized.

2.6.2 also contains a handful of bug fixes. Check out the full changeset and list of changed files.

It’s not a big upgrade, so pretty easy to deploy to your blog. WordPress 2.7 shouldn’t be too far away though, so you might want to hold out for that one.
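The 2.6.2 announcement quoted above names two ingredients: a username that, once the database silently truncates it to the column width, collides with another account’s login, and a password drawn from an mt_rand() stream whose seed can be guessed. The Python below is an added example written for this post, not WordPress code, showing the registration-time checks and the CSPRNG replacement a defender puts in place for this class of problem. The VARCHAR(60) column width, the allowed username character set and the sample accounts are assumptions for the example; `nonstrict_store` is a deliberately simplified model of a MySQL server running without strict SQL mode, not a database client.

```python
import re
import secrets
import string

# Assumption for this example: the login column is VARCHAR(60) in a
# constructed schema; a real deployment reads the width from its own DDL.
USER_LOGIN_WIDTH = 60

# Assumed allowed character set for logins (letters, digits, '_', '.', '-').
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]+")

PASSWORD_ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+"


def nonstrict_store(value: str, width: int) -> str:
    """Simplified model of a MySQL server without strict SQL mode: a string
    longer than the column is silently cut to `width` characters instead of
    being rejected. (Illustrative model only, not a database client.)"""
    return value[:width]


def username_problems(candidate: str, existing: set,
                      width: int = USER_LOGIN_WIDTH) -> list:
    """Registration-time validation. Returns the reasons a candidate login
    must be refused; an empty list means it is acceptable.

    The final check compares what the database would actually keep (after
    truncation, with trailing spaces dropped the way PAD SPACE collations
    ignore them) against the logins already registered, so a name that only
    becomes a duplicate once stored is caught before any INSERT runs.
    """
    problems = []
    if len(candidate) > width:
        problems.append("longer than the column width; the database would truncate it")
    if candidate != candidate.strip():
        problems.append("has leading or trailing whitespace")
    if not USERNAME_RE.fullmatch(candidate):
        problems.append("contains characters outside the allowed set")
    stored = nonstrict_store(candidate, width).rstrip()
    taken = {name.lower() for name in existing}
    if stored.lower() in taken:
        problems.append("collides with an existing login once stored")
    return problems


def generate_password(length: int = 24) -> str:
    """Password drawn from the OS entropy source via `secrets`. A PRNG such as
    mt_rand() is only as unpredictable as its seed, which is the weakness the
    announcement above describes; `secrets` has no seed to guess."""
    if length < 12:
        raise ValueError("refuse to issue short generated passwords")
    return "".join(secrets.choice(PASSWORD_ALPHABET) for _ in range(length))


if __name__ == "__main__":
    # Constructed sample data: two existing accounts.
    accounts = {"admin", "alice"}
    # A candidate that is only a duplicate of "admin" after truncation.
    padded = "admin" + " " * 55 + "x"
    for name in ("bob", "alice", padded, "a" * 61):
        print(repr(name[:20]), username_problems(name, accounts) or "ok")
    print("generated password:", generate_password())
```

Enabling strict SQL mode on the server (so over-long values raise an error instead of being truncated) is the complementary fix on the database side; the application-level length check above keeps the behaviour correct even where that setting is not under your control.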

WordPress v2.6.1

There’s been a new point release of WordPress dropped to fix some minor bugs with 2.6. Nothing major and in fact, there’s no real need to upgrade unless you have a problem that’s been addressed here. Here’s some information about what it contains:

2.6.1 offers several improvements for international users. Styling of the admin for right-to-left languages is much improved thanks to the efforts of the Farsi and Hebrew translation teams, and a mysterious gettext bug caused by certain PHP configurations is now fixed. For IIS users, 2.6.1 fixes several permalink problems. Image insertion problems in the Press This feature experienced by IE users are also fixed. Of note to everyone is a fix for a performance bug in the admin where those with a lot of plugins would experience slowness on some pages.

Get it here