2.8.6 fixes two security problems that can be exploited by registered, logged-in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.
The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.
Tags: release, Wordpress
About This Entry
- You’re currently reading “Dev Blog: WordPress 2.8.6 Security Release,” an entry on The Staff Lounge
- Published at 11.12.09 / 8pm

You were quick… 2.8.6 out already?
It’s fantastic that the boys at WordPress are giving us the best protection possible with these updates, but 2.8.6?
I’ve just upgraded to 2.8.5 and thought that my next upgrade would be 2.9… how wrong was I?