WordPress 2.8.5

WordPress 2.8.5 has been released. This release makes your WordPress even more secure:

  • A fix for the Trackback Denial-of-Service attack that is currently being seen.
  • Removal of areas within the code where php code in variables was evaluated.
  • Switched the file upload functionality to be whitelisted for all users including Admins.
  • Retiring of the two importers of Tag data from old plugins.

Changelog: WordPress 2.8.5
Download: WordPress 2.8.5
Download: Modified files since WordPress 2.8.4

1 Star2 Stars3 Stars4 Stars5 Stars (254 votes, average: 3.92 out of 5)

WP-DBManager 2.62

I have released WP-DBManager 2.62.

  • Added Auto Repair functionality via WP Cron, similar to the current implementation of Backing Up & Optimizing DB
  • Added nonce to all forms for added security
  • Replace get_bloginfo('name') with get_option('blogname') and make it goes through wp_specialchars_decode()
  • Ported the readme.html to readme.txt

Finally, Props to Joakim Jardenberg, Jonas Nordström and Andreas Viklund for finding and reporting the previous security vulnerability.

Download: WP-DBManager 2.62

1 Star2 Stars3 Stars4 Stars5 Stars (190 votes, average: 3.92 out of 5)

WordPress 3.5

WordPress 3.5 is out after 6 RCs!

[wpvideo jQDfEbzZ]

What’s New

If you’ve been around WordPress a while, the most dramatic new change you’ll notice is a completely re-imagined flow for uploading photos and creating galleries. Media has long been a friction point and we’ve listened hard and given a lot of thought into crafting this new system. 3.5 includes a new default theme, Twenty Twelve, which has a very clean mobile-first responsive design and works fantastic as a base for a CMS site. Finally we’ve spent a lot of time refreshing the styles of the dashboard, updating everything to be Retina-ready with beautiful high resolution graphics, a new color picker, and streamlining a couple of fewer-used sections of the admin.

For Developers

You can now put your (or anyone’s) WordPress.org username on the plugins page and see your favorite tagged ones, to make it easy to install them again when setting up a new site. There’s a new Tumblr importer. New installs no longer show the links manager. Finally for multisite developers switch_to_blog() is way faster and you can now install MS in a sub-directory. The Underscore and Backbone JavaScript libraries are now available

Codex: WordPress 3.5
Download: WordPress 3.5

1 Star2 Stars3 Stars4 Stars5 Stars (169 votes, average: 3.92 out of 5)

WordPress 2.8.6

WordPress 2.8.6 has been released. This is a security release.

2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

Changelog: WordPress 2.8.6
Download: WordPress 2.8.6
Download: Modified files since WordPress 2.8.5

1 Star2 Stars3 Stars4 Stars5 Stars (163 votes, average: 3.92 out of 5)