Successfully upgraded to WordPress 2.1.3
These releases include fixes for several publicly known minor XSS issues, one major XML-RPC issue, and a proactive full sweep of the WordPress codebase to protect against future problems.
Emergency upgrade to WordPress 2.1.2
Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.
Not sure if I was affected, but better safe than sorry.
If your blog is running 2.1.1, please upgrade immediately and do a full overwrite of your old files, especially those in wp-includes. Check out your friends blogs and if any of them are running 2.1.1 drop them a note and, if you can, pitch in and help them with the upgrade.
If you are a web host or network administrator, block access to “theme.php” and “feed.php”, and any query string with “ix=” or “iz=” in it.
Successfully upgraded to WordPress 2.1.1
[...]“Ella”, named for jazz vocalist Ella Fitzgerald. Here’s a sampling of what’s in the new version:
- Autosave makes sure you never lose a post again.
- Our new tabbed editor allows you to switch between WYSIWYG and code editing instantly while writing a post.
- You can set any “page” to be the front page of your site, and put the latest posts somewhere else, making it much easier to use WordPress as a content management system.
- Redesigned login screen from the Shuttle project.
- More AJAX to make custom fields, moderation, deletions, and more all faster. My favorite is the comments page, which new lets you approve or unapprove things instantly.
- Pages can now be drafts, or private.
- Our admin has been refreshed to load faster and be more visually consistent.
- A new version of the Akismet plugin is bundled.
…and much, much more.
Version 2.1.1 includes about 30 bug fixes, mostly minor things around encoding, XML-RPC, the object cache, and HTML code. It’s available for immediate download on our download page.
Successfully upgraded to WordPress 2.0.6
[...] We have a pretty important release available for everyone, it includes an important security fix and it’s recommended that everyone upgrade. This is the latest release in our stable 2.0 line, which we’ve committed to maintaining for several more years.
Here’s what’s new:
- The aforementioned security fixes.
- HTML quicktags now work in Safari browsers.
- Comments are filtered to prevent them from messing up your blog layout.
- Compatibility with PHP/FastCGI setups.
For developers, there’s a new anti-XSS function called attribute_escape(), and a new filter called “query” which allows you filter any SQL at runtime. [...]
Victoria tagged me for the five things meme, so here it goes. Five things you may not have not known about me. But if you did, there is no prize.
Now I get to tag others for this. That’s a lot more fun.