WordPress 2.6.3

WordPress 2.6.3 is out, it fixes a Snoopy class vulnerability.

A vulnerability in the Snoopy library was announced today. WordPress uses Snoopy to fetch the feeds shown in the Dashboard. Although this seems to be a low risk vulnerability for WordPress users, we wanted to get an update out immediately. 2.6.3 is available for download right now. If you don’t want to download the whole release to get the security fix, you can download the following two files and copy them over your 2.6.2 installation.

Replace these 2 files:

  1. wp-includes/class-snoopy.php
  2. wp-includes/version.php

Download full version:

1 Star2 Stars3 Stars4 Stars5 Stars (42 votes, average: 3.86 out of 5)

WordPress 2.6.2

WordPress 2.6.2 has been released.

Stefan Esser recently warned developers of the dangers of SQL Column Truncation and the weakness of mt_rand(). With his help we worked around these problems and are now releasing WordPress 2.6.2. If you allow open registration on your blog, you should definitely upgrade. With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password. Stefan Esser will release details of the complete attack shortly. The attack is difficult to accomplish, but its mere possibility means we recommend upgrading to 2.6.2.

Here is a list of bugs fixed:

  • Can’t control where a user redirects to when they log in
  • Bug in textpattern import
  • include mysql version in version check query string
  • RSS widget shouldn’t link if there isn’t a link
  • get_post_meta fails to unserialize when $single=false
  • typing error in wp-settings.php
  • comment_max_links causes confusion when zero
  • get_posts not working properly
  • Insert image into post always inserts full size
  • Filter news on templates cant work
  • Typo in post revisions

Here is a list of changed files:

  • wp-login.php
  • wp-settings.php
  • /wp-includes/formatting.php
  • /wp-includes/pluggable.php
  • /wp-includes/post.php
  • /wp-includes/query.php
  • /wp-includes/version.php
  • /wp-includes/widgets.php
  • /wp-admin/css/press-this-ie.css
  • /wp-admin/import/textpattern.php
  • /wp-admin/includes/image.php
  • /wp-admin/includes/template.php

Download WordPress 2.6.2

1 Star2 Stars3 Stars4 Stars5 Stars (78 votes, average: 3.63 out of 5)

WordPress 2.6.1

WordPress 2.6.1 has been released and it is a very minor release. Not security flaws has been found and hence WordPress 2.6.1 is not a security fix so if you are comfortable with WordPress 2.6 like me, you don’t have to upgrade.

2.6.1 offers several improvements for international users. Styling of the admin for right-to-left languages is much improved thanks to the efforts of the Farsi and Hebrew translation teams, and a mysterious gettext bug caused by certain PHP configurations is now fixed. For IIS users, 2.6.1 fixes several permalink problems. Image insertion problems in the Press This feature experienced by IE users are also fixed. Of note to everyone is a fix for a performance bug in the admin where those with a lot of plugins would experience slowness on some pages.

I am so looking forward to WordPress 2.7 as lots of features which are available as plugin will be built into the core.

Download WordPress 2.6.1

*UPDATE* I decided to upgrade to stopped the nagging upgrading message to appear.

1 Star2 Stars3 Stars4 Stars5 Stars (202 votes, average: 3.82 out of 5)

Lester Chan’s WordPress Plugins July 2008 Update

Here is my July 2008 WordPress plugins update containing all my 15 WordPress plugins. All of them should work on WordPress 2.5 as well as WordPress 2.6. It is not tested for any version below that.

In general, most of the updates are bug fixes. These updates in theory should be able to work till WordPress 2.7 when it comes out end of this year.

My new semester will begin on 2nd week August 2008, and hence I will be busy with my school work. So no updates to my plugins will be out till the end of this year unless it is a critical bug or a security issue.

Be sure to read the readme.html and checkout the changelog for more information and most importantly NOTE THE TABS AT THE TOP

WP-Ban 1.31
» Readme/Changelog
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-DBManager 2.31
» Readme/Changelog
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-DownloadManager 1.31
» Readme/Changelog
» Demo
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-EMail 2.31
» Readme/Changelog
» Demo
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-PageNavi 2.31
» Readme/Changelog
» Demo
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-PluginsUsed 1.31
» Readme/Changelog
» Demo
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-Polls 2.31
» Readme/Changelog
» Demo
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-PostRatings 1.31
» Readme/Changelog
» Demo
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-PostViews 1.31
» Readme/Changelog
» Demo
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-Print 2.31
» Readme/Changelog
» Demo
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-RelativeDate 1.31
» Readme/Changelog
» Demo
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-ServerInfo 1.31
» Readme/Changelog
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-Sticky 1.31
» Readme/Changelog
» Demo
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-Stats 2.31
» Readme/Changelog
» Demo
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-Useronline 2.31
» Readme/Changelog
» Demo
» Download Mirror #1
» Download Mirror #2
» Support Forum

If you like or love my plugins a lot, do consider making a donation to me. My Paypal email address is lesterchan AT gmail DOT com. Thank you =D

1 Star2 Stars3 Stars4 Stars5 Stars (85 votes, average: 4.18 out of 5)

WordPress 2.6 Release

http://wordpress.org/development/2008/07/wordpress-26-tyner/trackback/

WordPress 2.6 has been released.

Here are some new features of WordPress 2.6:

  • Post Revisions: Wiki-like tracking of edits
  • Press This!: Post from wherever you are on the web
  • Shift Gears: Turbo-speed your blogging
  • Theme Previews: See it before your audience does
  • Word count
  • Image captions under your image
  • Bulk management of plugins
  • A completely revamped image control to allow for easier inserting, floating, and resizing. It’s now fully integrated with the WYSIWYG
  • Drag-and-drop reordering of Galleries
  • Plugin update notification bubble
  • Customizable default avatars
  • You can now upload media when in full-screen mode
  • Remote publishing via XML-RPC and APP is now secure (off) by default
  • Full SSL support in the core, and the ability to force SSL for security
  • You can now have many thousands of pages or categories with no interface issues
  • Ability to move your wp-config file and wp-content directories to a custom location, for “clean” SVN checkouts
  • Select a range of checkboxes with “shift-click.”
  • You can toggle between the Flash uploader and the classic one
  • A number of proactive security enhancements, including cookies and database interactions
  • Stronger better faster versions of TinyMCE, jQuery, and jQuery UI

2.6 is pretty much identical to 2.5 from a plugin and theme compatibility point of view, so upgrades from 2.5 should be pretty painless. The 2.5 branch will no longer be maintain so everyone is encouraged to upgrade.

» Download WordPress 2.6

PS: The current version of my plugins should work well with WordPress 2.6 except WP-DownloadManager. Nevertheless, I will release updates to all of them tomorrow.

1 Star2 Stars3 Stars4 Stars5 Stars (18 votes, average: 4.06 out of 5)