WordPress 2.8.3 Security Release
Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. Several folks in the community dug deeper and discovered areas that were overlooked. With their help, the remaining issues are fixed in 2.8.3. Since this is a security release, upgrading is highly recommended. Download [...]
Posted by Ryan Boren Date: Monday, August 3, 2009
Categories: Ferret News
Tags: community, Download, privilege, release, Security, security release, upgrading, WordPress
WordPress 2.8.2
WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site. Download 2.8.2 or automatically upgrade from the Tools->Upgrade page of your blog’s admin.
Posted by Ryan Boren Date: Sunday, July 19, 2009
Categories: Ferret News
Tags: Download, redirect, site, URLs, vulnerability, WordPress, XSS
WordPress 2.8.1
WordPress 2.8.1 fixes many bugs and tightens security for plugin administration pages. Core Security Technologies notified us that admin pages added by certain plugins could be viewed by unprivileged users, resulting in information being leaked. Not all plugins are vulnerable to this problem, but we advise upgrading to 2.8.1 to be safe. What [...]
Posted by Ryan Boren Date: Thursday, July 9, 2009
Categories: Ferret News
Tags: extra security, page, page menu, permission checks, plugin, problem, Read, rich text editor, role names, Security, translation library, unprivileged users, upgrade
WordPress 2.8.1 Release Candidate 1
2.8.1 is nigh. Release Candidate 1 is our last stop before the final release. Please download RC1, review the changes made since beta 2, and have a look at all of the tickets fixed in 2.8.1. Thanks for testing WordPress.
Posted by Ryan Boren Date: Tuesday, July 7, 2009
Categories: Ferret News
Tags: Download, nigh, release, review, stop, testing, WordPress
