WordPress 2.8.6 Security Release




Just as I finished publishing my previous post, I saw the notification that the WordPress 2.8.6 security release is now available for download. Here’s what the official WordPress blog has to say about this new release:

2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

If you were having problems accessing this blog earlier, it was because I was upgrading my WordPress install to 2.8.6. Although I trust the other authors on my blog, there’s always a possibility that some hacker or malicious user can obtain their login details and use them to compromise my blog. I just want to be sure, play safe and prevent any problems or headaches. As I always say, “better safe than sorry”. If you have authors on your blog other than yourself, I strongly encourage you to upgrade to WordPress 2.8.6 now.

Get WordPress 2.8.6.

This is a security release, so everyone is strongly advised to upgrade their WordPress installation as soon as possible to avoid any problems or having their site compromised.

Has anyone else upgraded, or do you plan to upgrade, to WordPress 2.8.6? For those who upgraded, did you encounter any issues or problems? Please share your thoughts by leaving a comment below.


Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Google+, Facebook or Twitter.

4 Comments

  1. Mrs-Moody

    March 17, 2010 at 3:41 PM

    Great post, good job, keep it up!

  2. Dennis Edell

    November 14, 2009 at 12:31 PM

    They have now implemented a plugin compatibility feature within all the plugin pages on the site…very cool

  3. cah ndeso

    November 13, 2009 at 9:13 PM

    Some hackers are using the existing weaknesses in the WordPress blog platform. We must always follow the updated version of WordPress to improve safety performance in blogging with WordPress. And I also had to upgrade to version 2.8.6.

    Thank you for the information. Greetings of peace from Indonesia.

  4. Heather Kephart

    November 13, 2009 at 7:43 AM

    Good for you for getting this done! I am sort of afraid to upgrade. Seems like every time I do, a lot of my plugins stop working. Sigh.
