WP-Polls 2.15 Beta Test

Just wondering if anyone of you here want to beta test WP-Polls 2.15? I need people to test it because the administration panel of WP-Polls has undergone a major change. But please do not use it on a live site as it is still a beta product.

If you downloaded it, please feedback to me via the Support Forums or by email.

Thank You.

UPDATE: Download: WP-Polls 2.20 Beta 1

1 Star2 Stars3 Stars4 Stars5 Stars (52 votes, average: 3.60 out of 5)

WordPress 3.9.2

WordPress 3.9.2 has been released and it is a security release and hence it is recommended that you update your site immediately.

This release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. It  was fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. This is the first time our two projects have coordinated on joint security releases.

WordPress 3.9.2 also contains other security changes:

  • Fixes a possible but unlikely code execution when processing widgets (WordPress is not affected by default), discovered by Alex Concha of the WordPress security team.
  • Prevents information disclosure via XML entity attacks in the external GetID3 library, reported by Ivan Novikov of ONSec.
  • Adds protections against brute attacks against CSRF tokens, reported by David Tomaschik of the Google Security Team.
  • Contains some additional security hardening, like preventing cross-site scripting that could be triggered only by administrators.

We appreciated responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.

Download WordPress 3.9.2 now or go to Dashboard -> Updates and click “Update Now”.

1 Star2 Stars3 Stars4 Stars5 Stars (47 votes, average: 3.60 out of 5)

WordPress 2.1.2

http://wordpress.org/development/2007/03/upgrade-212/trackback/

WordPress 2.1.2 has been released and I have updated this site to WordPress 2.1.2.

It is an emergency release, so I urged all of you to upgrade it.

Here is what happen, copied + pasted:

This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.

It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.

Remember to overwrite EVERY files/folders except those in the ‘wp-content’ folder.

1 Star2 Stars3 Stars4 Stars5 Stars (136 votes, average: 3.59 out of 5)

Packed Javascript For WP-Polls

As I have received many request to optimized the Javascript for WP-Polls (I will also do it for other plugins but I will beta test it with WP-Polls first), I have used Dean Edwards Packer to pack my Javascript for WP-Polls and then I have moved the Dynamic Javascript variables out of the Javascript file and into the PHP page and now I can renamed it back to .js extension instead of .php.

These 2 things that I have done should help reduce the load on the server.

If are interested to test it out, you can download WP-Polls 2.30 Beta 1.

1 Star2 Stars3 Stars4 Stars5 Stars (70 votes, average: 3.59 out of 5)