Time For Another WordPress Upgrade
written by John Chow
Barely 10 days after the release of WordPress 2.0.6, WordPress has followed it with version 2.0.7. It is recommended that everyone upgrade to this latest version.
Recently a bug in certain versions of PHP came to our attention that could cause a security vulnerability in your blog. We’re able to work around it fairly easily, so we’ve decided to release 2.0.7 to fix the PHP security problem and the Feedburner issue that was in 2.0.6. It is recommended that everyone running WordPress 2.0.6 or lower upgrade to this new version.
Because this is a much smaller update than previous versions, you do not have to update all of WordPress’ files if you’re upgrading from version 2.0.6. Here is the list of files that have changed since 2.0.6:
- wp-admin/inline-uploading.php
- wp-admin/post.php
- wp-includes/classes.php
- wp-includes/functions.php
- wp-settings.php
- wp-includes/version.php
We know it sucks to have a release only 10 days after our last one, but we think it’s important enough for your blog to be secure to do it, and hopefully only having to change a few files will make the upgrade easier than normal.
The upgrade has a security fix and fixes a problem with FeedBurner. A few readers were reporting that the last WordPress release messed up the feed. This problem should be fixed now.
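A file-by-file upgrade is only complete when all six listed files match the 2.0.7 release. The shell function below is an added example, not part of the original post or of WordPress; it compares a live blog directory against an unpacked 2.0.7 archive and reports any listed file that was missed. The function names, the directory arguments and the sample trees are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not WordPress tooling. The two directory arguments are
# assumptions: an unpacked 2.0.7 archive and the live blog directory.

# The six files the announcement lists as changed since 2.0.6.
CHANGED_FILES="wp-admin/inline-uploading.php wp-admin/post.php
wp-includes/classes.php wp-includes/functions.php
wp-settings.php wp-includes/version.php"

# check_partial_upgrade RELEASE_DIR INSTALL_DIR
# Prints one line per listed file that is not byte-identical to the release
# copy. Returns 0 only when all six files match.
check_partial_upgrade() {
    release_dir=$1 install_dir=$2 bad=0
    for f in $CHANGED_FILES; do
        if [ ! -f "$release_dir/$f" ]; then
            echo "NO-REFERENCE $f"; bad=1
        elif [ ! -f "$install_dir/$f" ]; then
            echo "MISSING $f"; bad=1
        elif ! cmp -s "$release_dir/$f" "$install_dir/$f"; then
            echo "STALE $f"; bad=1
        fi
    done
    return "$bad"
}

# Constructed sample trees (placeholder contents, not real WordPress code):
# all six files copied across, then one reverted and one deleted.
make_sample_trees() {
    base=$(mktemp -d) || return 1
    for f in $CHANGED_FILES; do
        mkdir -p "$base/release/$(dirname "$f")" "$base/blog/$(dirname "$f")"
        echo "placeholder 2.0.7 contents of $f" > "$base/release/$f"
        cp "$base/release/$f" "$base/blog/$f"
    done
    echo "placeholder 2.0.6 contents" > "$base/blog/wp-includes/functions.php"
    rm "$base/blog/wp-settings.php"
    echo "$base"
}

if [ $# -eq 2 ]; then
    check_partial_upgrade "$1" "$2"
else
    demo=$(make_sample_trees)
    check_partial_upgrade "$demo/release" "$demo/blog" || echo "upgrade incomplete"
    rm -rf "$demo"
fi
```

Run it with the two directories as arguments to check a real install; with no arguments it runs against the constructed sample trees.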
Did they mention which PHP versions have the problem? I imagine that it is a much smaller user base that needs to be concerned about this patch.
I didn’t even get the chance to upgrade to 2.0.6.
I’ll upgrade to the latest soon now.
Bah, I just updated to 2.0.6 the other day
Just upgraded to 2.0.6
Oh well, this is what happens if one can’t code his own stuff and needs to rely on others. Still, it’s a great open CMS, so no complaints here.
And let the upgrades begin! Thanks for the 411 on this one…much appreciated.
I posted about this earlier as well. I never updated to 2.0.6, but I went ahead and updated this time around.
Thanks for posting this update as I had not seen it yet. Just finished updating the site. Any idea if this is how your site got hit last week or had you not done the 2.0.6 security update?
Wordpress 2.0.7 released
I noticed just now while reading John Chow’s blog that Wordpress 2.0.7 has been released. It’s only a couple of files:
wp-admin/inline-uploading.php
wp-admin/post.php
wp-includes/classes.php
wp-includes/functions.php
wp-settings.php
wp-inc…
hope this makes it harder for someone to hack your blog.
[...] There are people who are jealous of other people’s success. They can’t succeed themselves so they try to take down someone else. Wolf Howl was the first blog to get hit and the hacker went on to hack a few other blogs before Wordpress released their 2.0.7 upgrade to stop him. [...]
With 2.1 right around the corner you might want to wait for 2.1.1, if you catch my drift.
Maybe this new update was designed just for you, John.
Does Wordpress always make upgrades this fast? How easy / difficult is it to make these upgrades?
I just got my blog updated. I seldom go to wordpress to check if there is an update. I know about both 2.06 and 2.07 update here. It is good to know that.
Aw, that was an easy update. However, with all the Wordpress hacks I keep hearing about, it seems like a worthwhile upgrade.
As much as I like the upgrade that lists the top commenters… Is there an upgrade that can also display a listing of their comments to read?
Thanks for the updates John.
FT
Yup, noticed it right away. Need to update.
Raghu, the update is very easy if you are coming from 2.0.6 but will be a little more involved if upgrading from an older version.
For the others, try to make a habit of checking your dashboard every now and then as there will always be a post about any updates. This one I happened to see here before seeing it on my dashboard though.
Any idea if site scrapers are being widely used to find old Wordpress blogs?
I should seriously stop editing the provided template functions. Thankfully I started using a lib/ directory with my newer blogs.
Thanks for the note, helped me to remind that I’m still hosting a 2.0.5 blog - pretty much like time to give it an update!
Wordpress 2.0.7 is out: time to upgrade.
In case any of you Wordpress users haven’t heard, there’s been another upgrade to Wordpress. Version 2.0.7 is now out (thanks to John Chow for mentioning this).
There’s a few security fixes, as well as a fix for an issue with Feedburn…