WordPress has released version 2.6.5 of their blogging software. This is a security release so everyone must upgrade.
The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.
2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests. For a list of changed files, consult the full changeset between 2.6.3 and 2.6.5.
WordPress is skipping version 2.6.4 and jumping from 2.6.3 to 2.6.5 to avoid confusion with a fake 2.6.4 release that made the rounds. There is not and never will be a version 2.6.4.
Did you enjoy this post? Get John Chow Dot Com updates via email...
Stay up to date with all of John Chow’s tips for making money online and blog posts by subscribing via email. Your email will be kept private and never shared with anyone.
One of the most common complaint (or excuse) I hear from potential new bloggers is they don’t know how to install WordPress. Terms like FTP and CPanel are like a foreign language and setting up a database might as well be setting up the space shuttle for a launch. Because of the technology barrier, many would-be bloggers never start their blogs...
{ 31 comments }
Cool, I’ll have to run over and get it.
Already updated and ready to go!
I’ve just used the security fix only.
No point in upgrading the whole thing when security is the only thing to worry about.
The big thing is Wordpress 2.7. It looks so slick.
Yeah, there is no way anyone can miss that!
Thanks for the heads up as to how to simply upgrade the two files for the security fix – very useful for those that don’t want to go through a huge pain in the butt!!
unfortunately, I have upload an older version of WP
http://playcow.com I just upload the older version of wordpress, and now it release a new one again, update too often. i don’t even have time to update. LOL
your site is wordpress??
I don’t think so. In fact, it uses ASP instead of PHP.
I wonder which blogging platform uses ASP, I’d love to know because I know ASP 3.0 and would love my blog to work on it!
Darn it, it’s not a blog just some other Games website!
Can anyone tell me, the benefit and importnce of these new release wordpress and what will be the impact?thx in advance
Sure! If you don’t want to get hacked, upgrade!
Yup, I got 20 blogs hacked out of 100s
You’re kidding me!! In this case, the hacker would have hacked every blog before the update came out, I mean it takes a little time!
What exactly happens when someone hacks your blog? (no need to demonstrate on mine
I’m running the latest wp)
But seriously, I keep hearing about blogs being hacked here and there because they ran an older version with security holes. But what does it mean?
Cheers,
Alex
As John said, “If you dont’ wanna get hacked, Upgrade dew.
If you want your blog to be secured, then you need to upgrade right away.
thanks for information…the same topic in shoe blog…
Wow figures. I just bought a domain figured out how to get wordpress installed and now I need to update it. Well I guess no time like the present to learn, I’ve got another few hours to burn on frustration.
Search for plug-ins. There is an upgrade plug-in you can install and upgrading will only involve a few clicks from your WP admin pages…
Great heads up about the 2.6.4, I did not know about that! Hope measures are being taken to prevent that from happening again.
Be carefull about that 2.6.4…..
I don’t understand why so many people complain about getting WordPress upgraded. A big time saver is the WordPress Automatic Upgrade: http://wordpress.org/extend/plugins/wordpress-automatic-upgrade/
All done…upgraded and ready to go…:)
Just finished the upgrade, harmless like usually
When is wordpress 2.7 being released?
That one I am looking forward to.
nope, i will wait for v 2.7
its heck to upgrade stuffs..
i guess, i will upgrade my wordpress soon.
I’ve always loved the Automatic Upgrade plugin. Makes thing smooth & easy.