WordPress 3.1.3

WordPress 3.1.3 has been released and it contains security fixes and enhancements.

  • Various security hardening by Alexander Concha.
  • Taxonomy query hardening by John Lamansky.
  • Prevent sniffing out user names of non-authors by using canonical redirects. Props Verónica Valeros.
  • Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research.
  • Improves file upload security on hosts with dangerous security settings.
  • Cleans up old WordPress import files if the import does not finish.
  • Introduce “clickjacking” protection in modern browsers on admin and login pages.

Changelog: WordPress 3.1.3
Download: WordPress 3.1.3
Download: Modified files since WordPress 3.1.2


WP-DBManager 2.62

I have released WP-DBManager 2.62.

  • Added Auto Repair functionality via WP Cron, similar to the current implementation of Backing Up & Optimizing DB
  • Added nonce to all forms for added security
  • Replaced get_bloginfo('name') with get_option('blogname') and made it go through wp_specialchars_decode()
  • Ported the readme.html to readme.txt

Finally, props to Joakim Jardenberg, Jonas Nordström and Andreas Viklund for finding and reporting the previous security vulnerability.

Download: WP-DBManager 2.62


WP-DBManager 2.61

WP-DBManager 2.61 has been released and it fixes a security vulnerability that allows a user to download your wp-config.php. If you do not use the default backup folder path, you are not affected by this.

However, most users are affected and it is recommended that you upgrade WP-DBManager to 2.61.

WP-DBManager 2.62 will be out on Tuesday with added nonce security and auto-repair functionality.

Sorry for any inconvenience caused.

Download: WP-DBManager 2.61
