Net Data Design, LLC Blog

Software and Database Development Blog

Browsing Posts tagged trackback

WordPress Releases 2.8.6 Security Patch

November 12, 2009 Chris Smith No comments

2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges.  If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch.  The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

VN:F [1.9.3_1094]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.3_1094]
Rating: 0 (from 0 votes)
  • Share/Bookmark
Best Practices, WordPress , , ,
Read more

WordPress 2.8.5 has been released

October 23, 2009 Chris Smith No comments

This update is a “security hardening release” – intended to protect against potential problems, and one issue already in the wild.

  • A fix for the Trackback Denial-of-Service attack that is currently being seen.
  • Removal of areas within the code where php code in variables was evaluated.
  • Switched the file upload functionality to be whitelisted for all users including Admins.
  • Retiring of the two importers of Tag data from old plugins.

You can get all the details here from WordPress.Org.

 

VN:F [1.9.3_1094]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.3_1094]
Rating: 0 (from 0 votes)
  • Share/Bookmark
Best Practices, WordPress , , ,
Read more

Categories

Meta

Powered by WordPress Web Design by SRS Solutions © 2010 Net Data Design, LLC Blog Design by SRS Solutions