WordPress 2.2.2 has been released and as usual I have updated this site to WordPress 2.2.2.
Changed Files From WP 2.2.1:
Grab you copy today!
WordPress 2.2.1 has been released and as usual I have updated this site to WordPress 2.2.1.
» Atom feed validation fixes
» XML-RPC fixes
» Widget backward compatibility fixes
» Widget layout fixes for IE7
» Page and Text Widget improvements
» Remote shell injection in PHPMailer
» Remote SQL injection in XML-RPC
» Unescaped attribute in default theme
Unfortunately, 2.2.1 is not just a bug fix release. Some security issues came to light during 2.2.1 development, making 2.2.1 a required upgrade. 2.2.1 addresses the following vulnerabilities:
Grab you copy today!
WordPress 2.2 has been released and as usual I have updated this site to it. Here are the goodies copy + paste from WordPress.org.
» WordPress Widgets allow you to easily rearrange and customize areas of your weblog (usually sidebars) with drag-and-drop simplicity. This functionality was originally available as a plugin Widgets are now included by default in the core code, significantly cleaned up, and enabled for the default themes.
» Full Atom support, including updating our Atom feeds to use the 1.0 standard spec and including an implementation of the Atom Publishing API to complement our XML-RPC interface.
» A new Blogger importer that is able to handle the latest version of Google’s Blogger product and seamlessly import posts and comments without any user interaction beyond entering your login.
» Infinite comment stream, meaning that on your Edit Comments page when you delete or spam a comment using the AJAX links under each comment it will bring in another comment in the background so you always have 20 items on the page. (I know it sounds geeky, but try it!)
» We now protect you from activating a plugin or editing a file that will break your blog.
» Core plugin and filter speed optimizations should make everything feel a bit more snappy and lighter on your server.
» We’ve added a hook for WYSIWYG support in a future version of Safari.
My plugins should not break with WordPress 2.2 because the code changes are not significant unlike from WordPress 2.0 to WordPress 2.1. However, if they do break, PLEASE POST IT IN THE SUPPORT FORUMS and not in the comments. Thank you =)
WordPress 2.1.3 has been released and I have updated this site to WordPress 2.1.3.
These releases include fixes for several publicly known minor XSS issues, one major XML-RPC issue, and a proactive full sweep of the WordPress codebase to protect against future problems.
WordPress 2.1.2 has been released and I have updated this site to WordPress 2.1.2.
It is an emergency release, so I urged all of you to upgrade it.
Here is what happen, copied + pasted:
This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.
It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.
Remember to overwrite EVERY files/folders except those in the ‘wp-content’ folder.