WordPress 2.2.3 Security Release

3 Comments September 9, 2007 1380 Views

« Weekend Roundup #1 Packet8 Videophone »

2.2.3 is a security and bug-fix release for the 2.2 series. Since this is a security release, we suggest you upgrade immediately. Two of the fixes are high priority.

WordPress 2.2.3 was released two days ago. I usually upgrade A.S.A.P but I wasn’t to do it during the weekend because I was busy. It was only now, Sunday night that I had enough time to do the upgrade. So if you were here earlier and couldn’t access the blog, my apologies. I was upgrading my WordPress installation to 2.2.3.

These are the two high priority security bugs that were fixed:

• Invalid RSS2 Comments Feed
• Users without unfiltered_html capability can post arbitrary html

These are the other bugs fixed:

• On Windows machines register_activation_hook() does not work if plugin is in a subfolder of the plugins dir
• Proposal for a new plugin architecture
• MAGPIE_USER_AGENT lack of wp version
• Don’t return GMT date/time in XML-RPC, breaks some clients.
• Wordpress Admin RTL files Bug Fix
• Fix mt_allow_pings in metaWeblog.newPost (XML-RPC)
• Corrected indentation in wp-mail.php

If you haven’t upgraded your WordPress installation yet, I advise you to do so. Although WordPress 2.3 will be released in a matter of weeks, don’t delay or take the 2.2.3 upgrade for granted. It’s always better to be safe than sorry.

I love doing WordPress upgrades and this one is no exception. I know some WP users who dread doing upgrades. As long you follow instructions and make sure you have backups of your local WP files and database, you have nothing to worry about. Also, practice makes perfect! The more often you do it, the better you become at it.

If you need any help in installing or upgrading WordPress, just let me know and I’ll do my best to help you.