Net Data Design, LLC Blog » trackback http://blog.nddllc.com Software and Database Development Blog Fri, 20 Aug 2010 16:33:26 +0000 en hourly 1 http://wordpress.org/?v=3.1-alpha WordPress Releases 2.8.6 Security Patch http://blog.nddllc.com/2009/11/12/wordpress-releases-2-8-6-security-patch/ http://blog.nddllc.com/2009/11/12/wordpress-releases-2-8-6-security-patch/#comments Thu, 12 Nov 2009 22:25:50 +0000 Chris Smith http://blog.nddllc.com/?p=33 2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges.  If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch.  The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

Share/Bookmark

]]> http://blog.nddllc.com/2009/11/12/wordpress-releases-2-8-6-security-patch/feed/ 0 WordPress 2.8.5 has been released http://blog.nddllc.com/2009/10/23/wordpress-2-8-5-has-been-released/ http://blog.nddllc.com/2009/10/23/wordpress-2-8-5-has-been-released/#comments Fri, 23 Oct 2009 12:23:17 +0000 Chris Smith http://blog.nddllc.com/?p=16 This update is a “security hardening release” – intended to protect against potential problems, and one issue already in the wild.

  • A fix for the Trackback Denial-of-Service attack that is currently being seen.
  • Removal of areas within the code where php code in variables was evaluated.
  • Switched the file upload functionality to be whitelisted for all users including Admins.
  • Retiring of the two importers of Tag data from old plugins.

You can get all the details here from WordPress.Org.

 

]]> http://blog.nddllc.com/2009/10/23/wordpress-2-8-5-has-been-released/feed/ 0