farcaster
10-20-2009, 10:12 PM
This was released today - Oct 20th.
An excerpt from the WP Blog
The headline changes in this release are:
A fix for the Trackback Denial-of-Service attack that is currently being seen.
Removal of areas within the code where php code in variables was evaluated.
Switched the file upload functionality to be whitelisted for all users including Admins.
Retiring of the two importers of Tag data from old plugins.
The rest of the story is here -> http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/
At the bottom of the blog is a reference to a WordPress Exploit Scanner that some may find a good read.
If you have WordPress installed via the Bluehost SimpleScripts, they already have the new version posted. You can upgrade easily there.
Two thumbs up to Bluehost and SimpleScripts
If you have a self-installed version, the update is really quick. I have a sandbox installation on my local MAMP server, and once I clicked the link to update directly, it took less than 10 seconds to download the zip file and install the upgrade. (Actually, I think it was around 5 seconds. I blinked and had to find the dialog again. Hi-speed cable is wonderful.)
I didn't worry about doing a backup since this is only a sandbox to play in, but I would highly suggest that you do so prior to upgrading.
An excerpt from the WP Blog
The headline changes in this release are:
A fix for the Trackback Denial-of-Service attack that is currently being seen.
Removal of areas within the code where php code in variables was evaluated.
Switched the file upload functionality to be whitelisted for all users including Admins.
Retiring of the two importers of Tag data from old plugins.
The rest of the story is here -> http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/
At the bottom of the blog is a reference to a WordPress Exploit Scanner that some may find a good read.
If you have WordPress installed via the Bluehost SimpleScripts, they already have the new version posted. You can upgrade easily there.
Two thumbs up to Bluehost and SimpleScripts
If you have a self-installed version, the update is really quick. I have a sandbox installation on my local MAMP server, and once I clicked the link to update directly, it took less than 10 seconds to download the zip file and install the upgrade. (Actually, I think it was around 5 seconds. I blinked and had to find the dialog again. Hi-speed cable is wonderful.)
I didn't worry about doing a backup since this is only a sandbox to play in, but I would highly suggest that you do so prior to upgrading.