The WordPress.org team has released an official update to WordPress dubbed 2.3.3. This update fixes a serious security flaw that was discovered within the XML-RPC implementation. Through this flaw, a specially crafted request would allow any valid user to edit the posts of any other user on that blog.
The team also managed to place three bug fixes into the patch which can be viewed here. These types of releases for WordPress.org are serious. No, the world will not end if you do not upgrade. However, you are putting your site at an increased risk of being exploited. As was reported by me on WeblogToolsCollection.com, malicious users are in fact taking advantage of the flaws found within the WP-Forum plugin. If you are using WP-Forum, you are encouraged to disable the plugin until a security patch has been released.
Visit WordPress.org to see the complete details regarding this release.
I finally got the chance to upgrade the AskApache Google 404 Ajax Search plugin along with the Google XML Sitemap plugin. I’m still trying to determine what is new in the Ajax plugin, which I’m sure AskApache will probably stop by and let us know. As for the Google XML Sitemap plugin, here is a short list of changes that occurred.
- Changed HTTP client for ping requests to Snoopy
- Added “safemode” for SQL which doesn’t use unbuffered results
- Added option to run the building process in background using wp-cron
- Added links to test the ping if it failed
Make sure you head to AskApache Google 404 and Google XML Sitemaps to download the updated plugins and install them on your blog if you’re using them.
One special note for those who use the AskApache plugin. I noticed the directory that houses the plugin files had its name changed. When you upload this plugin, make sure to delete the old AskApache directory so they don’t conflict.
WordPress version 2.2.3 has been released. The release is slated as a “security and bug-fix” release. Considering this fixes a few security issues, it is highly recommended that you upgrade your WP install to the latest version ASAP. Considering WordPress 2.3 is around the corner, this upgrade is probably not going to sit well with a few people.
Two of the fixes in the latest version of WP are rated as “high priority”. Those two are labeled 4704, Invalid RSS2 Comments Feed, and 4720, Users without unfiltered_html capability can post arbitrary html. There were also a number of files that were changed. To see a complete list of these file changes, be sure to read WordPress 2.2.3 File Changes.
Download the latest version of WordPress here: http://wordpress.org/download/. Pardon me, as I commence with the upgrade! If you don’t hear from me by Monday, you’ll know why.