WordPress 2.8.6 fixes two security problems that can be exploited by registered, logged-in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.
The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.
About This Entry
- You’re currently reading “Dev Blog: WordPress 2.8.6 Security Release,” an entry on The Staff Lounge
- Published at 11.12.09 / 8pm
You were quick… 2.8.6 out already?
It’s fantastic that the boys at WordPress are giving us the best protection possible with these updates, but 2.8.6?
I’ve just upgraded to 2.8.5 and thought that my next upgrade would be 2.9… how wrong was I?