WordPress 2.8.6 Security Release

12 Nov 2009 · WordPress




Just as I finished publishing my previous post, I saw the notification that the WordPress 2.8.6 security release is now available for download. Here’s what the official WordPress blog has to say about this new release:

2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

If you were having problems accessing this blog earlier, it was because I was upgrading my WordPress install to 2.8.6. Although I trust the other authors on my blog, there’s always a possibility that some hacker or malicious user can obtain their login details and use that to compromise my blog. I just want to be sure, play safe and prevent any problems or headaches. As I always say, “better safe than sorry”. If you have other authors on your blog other than yourself, I strongly encourage you to upgrade to WordPress 2.8.6 now.

Get WordPress 2.8.6.



Written by Jaypee Habaradas
Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Twitter @jaypee or Facebook.



6 Responses to “WordPress 2.8.6 Security Release”

  1. Mrs-Moody Says:

    Great post, good job, keep it up!

  2. Dennis Edell Says:

    They have now implemented a plugin compatibility feature within all the plugin pages on the site…very cool

  3. cah ndeso Says:

    Some hackers are using the existing weaknesses in the WordPress blog platform. We must always follow the updated version of WordPress to improve safety performance in blogging with WordPress. And I also had to upgrade to version 2.8.6.

    Thank you for the information. Greetings of peace from Indonesia

  4. Heather Kephart Says:

    Good for you for getting this done! I am sort of afraid to upgrade. Seems like every time I do, a lot of my plugins stop working. Sigh.
