jump to navigation

WordPress 2.8.6 is released to address security issues. November 12, 2009

Posted by 37prime in : Announcement, Applications, Apps, Media, News, Resources, Security, Tech, Troubleshooting , trackback

If you self-installed WordPress, you should upgrade to the latest release. WordPress 2.8.6 is now available.

upgrade to WordPress 2.8.6

It is available through the built-in upgrade feature or it can be downloaded from WordPress.org.
http://wordpress.org/latest.zip

About WordPress 2.8.6 Security Release:

2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges.  If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch.  The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

Don’t be a Scoble!

Tags:, ,

This website uses IntenseDebate comments, but they are not currently loaded because either your browser doesn't support JavaScript, or they didn't load fast enough.

Comments»

1. Harsh Agrawal - November 13, 2009

This update was really unexpected.. though this update seems to be only for those
who have multi author blogs or is it for every one?

2. 37prime - November 13, 2009

It is recommended for everyone.
"The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations."

Remember to back-up before doing any upgrades.

v