A few hours ago, the WordPress development team decided to release WordPress 2.3.2 which is an urgent security release. This version fixes two particular bugs the first one being the bug that can expose your draft posts and the second is it suppresses some of the database error message which can give away vital information about your database. It also prevents informations leaks during XML-RPC and APP implementations.
Aside from the stuff mentioned above, the guys from WordPress has added something nice WordPress users. Version 2.3.2 allows the user to use a custom database error page. All you need to do is create a custom template and insert into the wp-content/db-error.php file. What does it do? Whenever WordPress has a problem connecting to the database, it will display this page instead of the default error page. Cool huh? I’m sure we’ll be seeing some creative DB error pages like the creative 404 pages we’ve seen in the past.
Btw, here’s a list of the fixed bugs and features included in this version:
- Sanitize_post and sanitize_post_field are very expensive no-ops
- wp_list_pages – set ‘hierarchical’ to 0 on ‘include’Suppress DB errors unless WP_DEBUG is true
- Custom DB Error Page
- Limit post_password exposure in XML-RPC metaWeblog.getRecentPosts
- query.php mistakenly uses is_admin() to check for admin privileges
- setup-config.php, install.php don’t check for a valid MySQL connection
What are you waiting for? Get WordPress 2.3.2 now and upgrade your installation. Always remember to do backups before doing an upgrade. “Prevention is better than cure” and “Better safe than sorry”!
Anyone else upgraded or plan to upgrade later to WordPress 2.3.2? Did you encounter any issues or problems during or after the installation process? Please share your thoughts by leaving a comment below.