WordPress 3.9.2

WordPress 3.9.2 has been released and it is a security release and hence it is recommended that you update your site immediately.

This release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. It  was fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. This is the first time our two projects have coordinated on joint security releases.

WordPress 3.9.2 also contains other security changes:

  • Fixes a possible but unlikely code execution when processing widgets (WordPress is not affected by default), discovered by Alex Concha of the WordPress security team.
  • Prevents information disclosure via XML entity attacks in the external GetID3 library, reported by Ivan Novikov of ONSec.
  • Adds protections against brute attacks against CSRF tokens, reported by David Tomaschik of the Google Security Team.
  • Contains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.

We appreciated responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.

Download WordPress 3.9.2 now or go to Dashboard -> Updates and click “Update Now”.

1 Star2 Stars3 Stars4 Stars5 Stars (45 votes, average: 3.71 out of 5)

WordPress 2.5 Release Date

Accordingly to Lorelle, WordPress 2.5 will be released before WordCamp Dallas.
As taken from WordCamp Dallas website:

The Dallas 2008 WordCamp spans two days, with the first day focusing primarily on general user topics and the second day primarily on developer topics, with some overlap.

In this case, WordPress 2.5 should be out on either 28th March 2008 or 29th March 2008.

1 Star2 Stars3 Stars4 Stars5 Stars (21 votes, average: 3.71 out of 5)

WordPress 2.8.3

WordPress 2.8.3 has been released and similar to WordPress 2.8.2, this is a security fix.

Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. Several folks in the community dug deeper and discovered areas that were overlooked. With their help, the remaining issues are fixed in 2.8.3. Since this is a security release, upgrading is highly recommended

Changelog: WordPress 2.8.3
Download: WordPress 2.8.3
Download: Modified files since WordPress 2.8.2

1 Star2 Stars3 Stars4 Stars5 Stars (293 votes, average: 3.70 out of 5)

WP-Polls & WP-UserOnline Updates

WP-Polls 2.12 Beta
» No more the use of IMG tag to generate the poll’s result. It is now based on DIV tag. The default class to it is ‘pollbar-image’ in which it will use the image as the background in the DIV. If you like something simpler, you can always replace it with ‘pollbar-css’. This will use CSS to generate the color of the poll result bar which can be configured in ‘polls-css.css’.

» I have gotten rid of wp-polls.php and the archive link below the Poll. Now if you want to to show the Polls Archive, just create a page and type in [ page_polls ] (without any spaces) in the post’s content area.

» Now you can have the title of the Poll’s Widget.

» Ability to logged by Username instead of by cookie/ip.

» Fixed an AJAX problem in which if the site’s URL doesn’t match WP Option’s Site URL, WP-Polls will not work.

WP-UserOnline 2.05 Beta
» I have gotten rid of wp-useronline.php. Now to show the UserOnline page, just create a page and type in [ page_useronline ] (without any spaces) in the post’s content area, followed by the URL to that newly created page in ‘WP-Admin -> Options -> Useronline’.

» Changed in WP-UserOnline structure: Members Mean Registered Users and Guests Mean Comment Authors or Visitors

» get_users_browsing_site(false) and get_users_browsing_page(false) will now return an array containing Total Users, Total Members, Total Guests and Total Bots Online

» Now you can have the title of the UserOnline’s Widget.

» Fixed an AJAX problem in which if the site’s URL doesn’t match WP Option’s Site URL, WP-UserOnline will not work.

1 Star2 Stars3 Stars4 Stars5 Stars (214 votes, average: 3.70 out of 5)