metalpig's blog » WP Upgrade http://metalpigs.com Business Cards | Paper Bags | Graphic | Logo Design | Templates Wed, 28 Jul 2010 15:52:30 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 WordPress 2.8.5: Security Hardening Release http://metalpigs.com/wordpress-2-8-5-security-hardening-release/ http://metalpigs.com/wordpress-2-8-5-security-hardening-release/#comments Thu, 22 Oct 2009 11:38:38 +0000 metalpig http://metalpigs.com/?p=105

wordpress2.8.5 blue-xl

WordPress recommend that all sites must upgrade to WP 2.8.5 version, to ensure the best security protection of your site.

Below are the highlights of the said 2.8.5 update.

* A fix for the Trackback Denial-of-Service attack that is currently being seen.


* Removal of areas within the code where php code in variables was evaluated.


* Switched the file upload functionality to be whitelisted for all users including Admins.


* Retiring of the two importers of Tag data from old plugins.

Meanwhile, the WordPress camp are also working on the new features for the coming of WordPress 2.9.

For more info about WordPress 2.5.8 update, please visit WordPress.org.

>> Updates:

While automatically updating my other WordPress site(not this one) via Dashboard, I encountered the problem below;

Unpacking the update.

Verifying the unpacked files

Installing the latest version

Could not copy file: /public_html/wp-content/upgrade/wordpress-2.8.5/wordpress/wp-comments-post.php

Installation Failed

I’d sign out and re-start my computer thinking that maybe it’s only a small problem and all it need is to re-start. Then, I login again, clicking the update automatically, but the same problem occurs.

The solution:

I’d tried the simplest solution, deactivate all my plug-ins including Akismet… then Viola!

wordpress-2.8.5_metalpigs

Smooth.. :)

Security Release Update:

WordPress 2.8.6 Security Release

WordPress released updates to WP 2.8.6 and available for download. The newly released fixes two security problems that can be exploited by registered, logged in users who have posting privileges. So, if your site or blog had many authors, then upgrading to 2.8.6 is a must.

Below are the 2 security problems that are fixed in this update;

*  An XSS vulnerability in Press This, discovered by Benjamin Flesch.

*  An issue with sanitizing uploaded file names that can be exploited in certain Apache configurations, discovered by Dawid Golunski,

Many thanks to Benjamin and Dawid for finding and reporting the said problems.

You can automatically update WP 2.8.6 on your Dashboard, or you can download WordPress 2.8.6 here.

]]> http://metalpigs.com/wordpress-2-8-5-security-hardening-release/feed/ 11