Discussions

Discussions » Blogging Help
DaneMorgan

WP Security Update Released

Posted by DaneMorgan • 10/21/09 • Subscribe to this Discussion [RSS] • Report This Topic
Topics: blogging, Security, upgrade, wordpress, wp

The headline changes in this release are:

* A fix for the Trackback Denial-of-Service attack that is currently being seen.

* Removal of areas within the code where php code in variables was evaluated.

* Switched the file upload functionality to be whitelisted for all users including Admins.

* Retiring of the two importers of Tag data from old plugins.

More from Mike Paetzold, the WP Guy @
wptutorial.com/blog/information/wordpress-2-8-5-a-new-upgrade-to-harden-you...
(one of my favorite blogs by the way)

Reply

User Comments

  1. PetLvr
    10/21/09
    PetLvr
    I've upgraded all most of my blogs this morning, and had a fatal error upgrading one of them - because my database is too large.

    If this applies to anybody here - see my tweet.
    twitter.com/PetLvr/status/5047273297
    [reply]
    1. DaneMorgan
      10/21/09
      DaneMorgan
      You know that's something that would have some real value...

      Anyone seen a nice comprehensive, categorized easy to access and digest list of wp-config settings?
    2. PetLvr
      10/21/09
      PetLvr
      Not in my travels .. however, I do have a few weird added "define(" lines in some of my blogs .. mostly due to caching and my translation plugins. Normally, I also have a memory allocation in my .htaccess as well - but, changing it had absolutely no effect on making this upgrade work except in the wp-config file.
  2. danalingga
    10/23/09
    danalingga
    not yet upgrading because auto update fail in my case.
    [reply]

Add Your Comment

Login to leave a message.