WordPress 2.8.6

WordPress 2.8.6 has been released. This is a security release.

2.8.6 fixes two security problems that can be exploited by registered, logged-in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

Changelog: WordPress 2.8.6
Download: WordPress 2.8.6
Download: Modified files since WordPress 2.8.5


WordPress 3.4 Beta 1

WordPress 3.4 Beta 1 has been released! The final version is expected to ship sometime next month (May 2012).

What’s New

  • Theme Customizer with Previewer
  • Flexible Custom Header Sizes
  • Selecting Custom Header and Background Images from Media Library
  • Better experience searching for and choosing a theme

Under-the-hood Changes

  • New XML-RPC API for external and mobile applications
  • New API for registering theme support for custom headers and backgrounds
  • Performance improvements to WP_Query by splitting the query (Please test!)
  • Internationalization improvements (improved performance and locale support)
  • Performance and API improvements when working with lists of installed themes
  • Support for installing child themes from the WordPress Themes Directory

Download: WordPress 3.4 Beta 1


WP-Polls 2.61

I have released WP-Polls 2.61, which fixes a code injection via “HTTP Referrer” that affects users who are on WP-Polls 2.60 only.

I also took this chance to port the readme.html to the proper readme.txt which WordPress.org is using, and now you can see all the details of WP-Polls right from the plugins page itself, regardless of whether it is from your WP-Admin or WordPress.org.

All users should upgrade now.

Vulnerability discovered by + Props to:

Dweeks, Leon Juranic and Chad Lavoie of the Swiftwill Security Team (www.swiftwill.com)

Download: WP-Polls 2.61
