WORDPRESS USERS - Security Update!

  • Jace
    FBOP Class Of 2013
    • Jan 2004
    • 35562

    #1

    WORDPRESS USERS - Security Update!

    http://wordpress.org/download/

    http://wordpress.org/development/2007/01/wordpress-207/

    Recently a bug in certain versions of PHP came to our attention that could cause a security vulnerability in your blog. We're able to work around it fairly easily, so we've decided to release 2.0.7 to fix the PHP security problem and the Feedburner issue that was in 2.0.6. It is recommended that everyone running WordPress 2.0.6 or lower upgrade to this new version.

    Because this is a much smaller update than previous versions, you do not have to update all of WordPress' files if you're upgrading from version 2.0.6. Here is the list of files that have changed since 2.0.6:

    * wp-admin/inline-uploading.php
    * wp-admin/post.php
    * wp-includes/classes.php
    * wp-includes/functions.php
    * wp-settings.php
    * wp-includes/version.php

    We know it sucks to have a release only 10 days after our last one, but we think it's important enough for your blog to be secure to do it, and hopefully only having to change a few files will make the upgrade easier than normal.

    Here are the changes that have been made since 2.0.6:

    * Security fix for wp_unregister_GLOBALS() to work around the zend_hash_del_key_or_index bug in PHP 4 versions less than 4.4.3 and PHP 5 versions less than 5.1.4 with register_globals set to "On."
    * Feeds now properly serve 304 Not Modified headers instead of mismatched 200/304 headers (a.k.a. the FeedBurner bug).
    * Backport of another 304 Not Modified fix from WordPress 2.1
    * Deleting WordPress Pages no longer gives an "Are You Sure?" prompt.
    * After deleting a WordPress Page, you are now properly redirected to the Edit Pages screen.
    * Sending an image at original size in Internet Explorer no longer adds an incorrect "height" attribute.

    And just as a reminder, the next major version of WordPress (2.1) is due out by the end of the month, but the 2.0 branch of WordPress will continue to be maintained for several years.
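
For anyone with many installs to triage against the announcement above, here is an added example (not part of the original post and not WordPress code) that sorts installs into "already on 2.0.7", "on 2.0.6, replace the six listed files" and "older, full upgrade", and checks whether a PHP build falls in the affected range. It assumes `wp-includes/version.php` sets `$wp_version` with a quoted string; the blog directory names are constructed sample data.

```python
import re
import tempfile
from pathlib import Path

# Files the announcement lists as changed between 2.0.6 and 2.0.7.
CHANGED_SINCE_206 = (
    "wp-admin/inline-uploading.php", "wp-admin/post.php",
    "wp-includes/classes.php", "wp-includes/functions.php",
    "wp-settings.php", "wp-includes/version.php",
)
# Assumed form of the assignment in wp-includes/version.php.
VERSION_RE = re.compile(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]")

def vtuple(text):
    """'2.0.6' or '5.1.2-1ubuntu' -> (2, 0, 6) / (5, 1, 2), padded to 3 parts."""
    nums = [int(n) for n in re.findall(r"\d+", re.split(r"[-+ ]", text)[0])]
    return tuple((nums + [0, 0, 0])[:3])

def php_exposed(php_version, register_globals_on):
    """Range from the announcement: PHP 4 < 4.4.3 or PHP 5 < 5.1.4, globals On."""
    v = vtuple(php_version)
    in_range = (v[0] == 4 and v < (4, 4, 3)) or (v[0] == 5 and v < (5, 1, 4))
    return bool(register_globals_on) and in_range

def audit(root):
    """Return [(install_dir, wp_version, action)] for WordPress trees under root."""
    rows = []
    for vf in sorted(Path(root).rglob("version.php")):
        m = VERSION_RE.search(vf.read_text(errors="replace"))
        if vf.parent.name != "wp-includes" or not m:
            continue
        v = vtuple(m.group(1))
        action = ("ok" if v >= (2, 0, 7) else
                  "replace changed files" if v == (2, 0, 6) else "full upgrade")
        rows.append((vf.parent.parent.name, m.group(1), action))
    return rows

def demo():
    """Build three constructed installs in a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, ver in (("blog-a", "2.0.4"), ("blog-b", "2.0.6"), ("blog-c", "2.0.7")):
            inc = Path(tmp, name, "wp-includes")
            inc.mkdir(parents=True)
            (inc / "version.php").write_text(f"<?php\n$wp_version = '{ver}';\n?>\n")
        return audit(tmp)

if __name__ == "__main__":
    for row in demo():
        print(*row, sep="\t")
```

Point `audit()` at the directory that holds the blogs; installs reported as "replace changed files" need only the paths in `CHANGED_SINCE_206` copied over from the 2.0.7 package.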
  • Dirty F
    Too lazy to set a custom title
    • Jul 2001
    • 59204

    #2
    Sucks if you have 500 blogs.

    Comment

    • woj
      <&(©¿©)&>
      • Jul 2002
      • 47882

      #3
      lame, only a week has passed since the last update...
      Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000
      Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager
      Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager

      Comment

      • Jace
        FBOP Class Of 2013
        • Jan 2004
        • 35562

        #4
        Originally posted by Dirty Franck
        Sucks if you have 500 blogs.
        heh, yeah, no shit

        fantastico is nice for that though, but still annoying as shit

        Comment

        • Jace
          FBOP Class Of 2013
          • Jan 2004
          • 35562

          #5
          Originally posted by woj
          lame, only a week has passed since the last update...
          yeah, it seemed like the last update was just a few days ago

          luckily this one is just a drop and replace

          Comment

          • Sarah_Jayne
            Now with more Jayne
            • Dec 2002
            • 40077

            #6
            Well, I guess I know what I am doing tomorrow.

            Comment

            • ucv.karl
              Confirmed User
              • Jul 2006
              • 498

              #7
              Originally posted by woj
              lame, only a week has passed since the last update...
              And this gem.

              "And just as a reminder, the next major version of WordPress (2.1) is due out by the end of the month, but the 2.0 branch of WordPress will continue to be maintained for several years."
              It's better when you can Switch.
              ICQ: 263079754

              Comment

              • Scroto
                Confirmed User
                • Nov 2005
                • 2804

                #8
                just finished updating...again

                Comment

                • Jace
                  FBOP Class Of 2013
                  • Jan 2004
                  • 35562

                  #9
                  Originally posted by ucv.karl
                  And this gem.

                  "And just as a reminder, the next major version of WordPress (2.1) is due out by the end of the month, but the 2.0 branch of WordPress will continue to be maintained for several years."
                  OMFG

                  haha, what a bunch of tools

                  Comment

                  • RawAlex
                    So Fucking Banned
                    • Oct 2003
                    • 9465

                    #10
                    These guys need to learn how to do live updates. This constant updating and patching bullshit is turning their product into work.

                    Comment

                    • StarkReality
                      Confirmed User
                      • May 2004
                      • 4444

                      #11
                      Argh...patching is nice, but if it continues this way, we'll get daily updates and I'll hire a wordpress updater...

                      Comment

                      • JD
                        Too lazy to set a custom title
                        • Sep 2003
                        • 22651

                        #12
                        i'll just wait for end of the month update

                        Comment

                        • Babaganoosh
                          ♥♥♥ Likes Hugs ♥♥♥
                          • Nov 2001
                          • 15841

                          #13
                          Originally posted by RawAlex
                          These guys need to learn how to do live updates. This constant updating and patching bullshit is turning their product into work.
                          Yeah, for what you paid for it I would complain too.
                          I like pie.

                          Comment

                          • martinsc
                            Too lazy to set a custom title
                            • Jun 2005
                            • 27047

                            #14
                            thanks for the heads up
                            Make Money

                            Comment

                            • tenderobject
                              Need Designs? 312352846
                              • Dec 2004
                              • 11688

                              #15
                              hey jace, does this only affect wordpress version 2.0.6 or do all the wordpress versions need to be upgraded?


                              NEED DESIGNS?!?

                              Comment

                              • cachondo
                                Confirmed User
                                • Sep 2004
                                • 808

                                #16
                                My blog site has been hacked, shit!
                                medianetpay.com

                                Comment

                                • Bliggo
                                  Registered User
                                  • Jun 2006
                                  • 99

                                  #17
                                  Originally posted by tenderobject
                                  hey jace, does this only affect wordpress version 2.0.6 or do all the wordpress versions need to be upgraded?
                                  This applies to all versions as .0.5 fixed stuff from 0.4 which fixed stuff from 0.3 etc etc.

                                  ps I used version numbers for example only.

                                  I seo'd my hair yesterday and today it's a pr6

                                  Comment
