Archive for the 'wordpress' Category
security update for wordpress released
by Justin Silverton
Wordpress 2.1.3 and Wordpress 2.0.10 have been released.
About this release:
“These releases include fixes for several publicly known minor XSS issues, one major XML-RPC issue, and a proactive full sweep of the WordPress codebase to protect against future problems.”
also,
“As an update to the systems issue we had last month, we have taken dozens of additional precautions with the servers and systems that run WordPress.org and they appear to be working well, despite hundreds of hack attempts after we publicly disclosed there had been a problem. We are also now aggressively monitoring all downloads for any changes or modifications, and we are confident the same type of problem won’t happen again”
Downloads
2.1.3 can be found Here
2.0.10 can be found Here
Wordpress 2.0.7
By Justin Silverton
Even though this news is a little old, I think it is important that people know about this release (you should only need to upgrade to this version if you are currently running the 2.0.X Version of wordpress.
Here is the list of updates:
- Security fix for wp_unregister_GLOBALS() to work around the zend_hash_del_key_or_index bug in PHP 4 versions less than 4.4.3 and PHP 5 versions less than 5.1.4 with register_globals set to “On.”
- Feeds now properly serve 304 Not Modified headers instead of mismatched 200/304 headers (a.k.a. the FeedBurner bug).
- Backport of another 304 Not Modified fix from WordPress 2.1
- Deleting WordPress Pages no longer gives an “Are You Sure?” prompt.
- After deleting a WordPress Page, you are now properly redirected to the Edit Pages screen.
- Sending an image at original size in Internet Explorer no longer adds an incorrect “height” attribute.
go here for more details.
wordpress 2.1 to be released on Monday
By Justin Silverton
Wordpress 2.1 is going to be on Monday January 22nd. Here are some great new features that you will see:
Auto-save of Drafts - WordPress 2.1 adds an autosave function that is automatically implemented when writing new drafts. This functionality uses AJAX and operates without new pageloads. The title of the post must be filled out in order for autosaving to occur.
Plugin Compatibility - many plugins will no longer work in 2.1 due to deprecation of database table variables. However, whenever there is a new version of WordPress, the other possible “plugin breaks” extend farther. Fortunately, the WordPress community has been hard at work testing plugins with 2.1 determining compatibility (find out if your plugin is compatible here).
New Visual Editor Interface - A big problem (to many) in the WordPress 2.0 branch was the Rich Text Editor (RTE) powered by TinyMCE. I believe the RTE was a good idea but was before it’s time. Thankfully, the developers have heeded the concerns brought to bear on the RTE in WordPress 2.0 and have significantly improved it. Notably, there is now a tabbed interface in the Write screen that will allow bloggers to switch between the two views seamlessly.
More information on this can be found here.
A feedburner fix for wordpress 2.0.6
By Justin Silverton
In a recent article here a recent issue has been discovered with the latest version of wordpress and feedburner:
After upgrading to WordPress 2.0.6 or WordPress 2.1 Beta, your FeedBurner feed will, at times, give you an “invalid xml” error, and “FeedMedic” will show you something like this:
Your server disconnected us before sending the full source feed content.
The Fix
There is a simple way to fix this issue, which involves the following steps:
1) Open /wp-includes/functions.php and find the following code (around line 2231):
if ( substr(php_sapi_name(), 0, 3) == 'cgi')
@header("HTTP/1.1 $header $text");
else
@header("Status: $header $text");
}
2) change to the following:
// if ( substr(php_sapi_name(), 0, 3) == 'cgi')
@header("HTTP/1.1 $header $text");
// else
// @header("Status: $header $text");
}
3) Save the file and exit. Resync your feed at FeedBurner
Wordpress 2.0.6 released
By Justin Silverton
Wordpress 2.0.6 has been released!
From the official wordpress site:
“We have a pretty important release available for everyone, it includes an important security fix and it’s recommended that everyone upgrade. This is the latest release in our stable 2.0 line, which we’ve committed to maintaining for several more years.
Here’s what’s new:
- The aforementioned security fixes.
- HTML quicktags now work in Safari browsers.
- Comments are filtered to prevent them from messing up your blog layout.
- Compatibility with PHP/FastCGI setups.
For developers, there’s a new anti-XSS function called attribute_escape(), and a new filter called “query” which allows you filter any SQL at runtime. (Which is pretty powerful.) Thanks to Mark Jaquith for handling this release and Stefan Esser for responsibly reporting the security issue.”
It can be downloaded here