WordPress 1.5.2 released

Filed as News on August 14, 2005 9:34 pm

by Duncan

The WordPress team have announced a new version of WordPress (1.5.2) is now available.

The new version includes a number of improvements and security fixes.

I’ve got to agree with the comments over at No Wow though:

“The changelog mentions that several vulnerabilities have been fixed but - once again - the developers don’t provide any details! One has to look at the diffs to see what has been fixed… I hate that kind of silly security by obscurity. Vague vulnerability are almost useless for administrators, just saying ‘we’ve fixed some security problems’ is even worse!”

As WordPress users we deserve better than this. C’mon Matt and friends, your name isn’t Mena! Open source should also equal open communication.




  1. By Matt posted on August 15, 2005 at 12:59 am

    We wouldn’t have been in such a hurry to get a release out if the security problems were obscure! The exact issues are easily findable for anyone in the security community, and there is at least one script kiddie script out there so I don’t want to point more people to it while people are still upgrading.

  2. By Eitan Caspi posted on August 15, 2005 at 12:22 pm

    Think about those who did not upgrade, because of any reason.
    Why should the developers give anyone the knowledge of how to attack these people?!

    It is better that you simply upgrade and be left in the dark about how and why, and others won’t be attacked.

    Eitan
    Israel

  3. By James posted on August 15, 2005 at 2:57 pm

    You’re not the only one who feels this way: http://www.blogherald.com/2005/08/14/wordpress-152-released/

    At least MT has always talked about security fixes right on their homepage, even before WP came out. WP could learn from Mena.

  4. By Juergen Kreileder posted on August 15, 2005 at 3:31 pm

    That’s a naive argument, Eitan. Hackers are not stupid, they can figure out the issue from looking at the source code. As you’ve just demonstrated, just saying “we’ve fixed a security issue” but not giving more specific information easily leads to a false sense of security.

    (Slightly longer reply to some comments I’ve received available here)

  5. » WordPress 1.5.2 Released, TurboBlogger.com, August 15, 2005 at 4:35 pm

  6. By Eitan Caspi posted on August 16, 2005 at 12:33 pm

    Hello Juergen,

    Of course anyone can dive into the code and search for it, be it a hacker, be it an administrator, but it will not be simple.
    The developers should not hand it “on a silver platter” – it will be more of a benefit for script kiddies (learn and harm) than to administrators (learn and…???).
    I believe you will agree that it is better for you to be in the dark than any malicious surfer being more knowledgeable.

    Regarding your note (linked from your former note) – I couldn’t agree more, that any software should have a simple automatic and scheduled update applet.
    But don’t expect too much of the free code projects, they usually struggle to build functionality with their limited resources.
    Even many commercial vendors are still not at it. Go figure.

    Eitan