WordPress 2.3.2

WordPress 2.3.2 has been released and this release includes a number of changes including one security fix.

  • Performance improvements for post sanitization when raw content is required.
  • Changes to is_admin() to ensure that it is only true for admin pages thereby protecting against exposing draft posts.
  • Suppression of database errors unless WP_DEBUG is true.
  • Check for valid database connection information during install and display and error if the install fails due to database rights.
  • Support for a custom database down page to be displayed on database connection errors.
  • Changes to make sure we are more selective in what we make clickable, this introduces different rules for different uri types.
  • Changes to wp-mail.php to escape the error messages when displaying them to avoid a possible XSS attack.
  • Changes to ensure that the post password is only exposed by the xmlrpc method metaWeblog.getRecentPosts to users with rights to edit a post.
  • Changes to the information exposed the wp.getAuthors xmlrpc method to reduce the information exposed and add a capabilites check.
  • Addition of extra capabilites checks to xmlrpc methods.
  • Addition of extra capabilites checks to APP server.
  • Changes to validate_file() to improve its traversal attempt detection when running on windows.

Get yours today.

1 Star2 Stars3 Stars4 Stars5 Stars (132 votes, average: 3.57 out of 5)

6 thoughts on “WordPress 2.3.2”

  1. Sorry, Mr. GaMerz, but I didn’t get it that I posted 5 comments, I pressed sent then I found that my comment is not posted then I sent again, sorry gaian
    and I’d solved the problem 🙂

Comments are closed.