Recommended Update: WordPress 2.0.6

January 7, 2007 by Markku Seguerra

In light of the recently reported cross-site scripting vulnerabilities in WordPress, version 2.0.6 has been released to address those issues in the templates.php file, as detailed in these entries from Operation N and Security Focus. (As cited in our related coverage.)

Along with the aforementioned fixes, changes were made to the comments system, which now filters out input that could break layouts and markup. Also listed in the summary of changes are compatibility with PHP/FastCGI setups and HTML quicktags that now work in Safari.

But as of writing, the 2.0.6 update is not without problems. Mark Jaquith was quick to point out a possible problem with Feedburner feeds. Apparently, fixes made to the 2.0.5 code have triggered another problem that may affect a different set of users. He offers a solution and cites related entries from The NeoSmart Files and K-Squared Ramblings, both with more details on the problem and, more importantly, how to fix it now. Given the almost-instant response to this last-minute problem, Lorelle was quick to point out how well the community of WordPress developers is addressing reported problems and vulnerabilities.

If you’re upgrading soon, be sure to back up your database (and files) beforehand and note whatever hacks you have made to the core code. I typically defer upgrading for a few more days to check for early-adopter problems like this. If you’d rather upgrade now, watch out for reports of new issues, be they security- or performance-related. Again: back up, back up!


Filed Under: News Tagged With: Blog Software

Comments

  1. Mark says

    January 7, 2007 at 9:21 pm

    This security issue, found specifically in WordPress 2.0.5’s templates.php, allows a user with access to templates.php to insert arbitrary HTML and/or JavaScript, which can then be executed by other administrators. The link title of recently accessed files is not sanitized, which causes HTML tags ending with “/” to fail. Prior to the 2.0.6 release, the temporary workaround is using open “IMG” tags, which only works on Firefox and Internet Explorer.
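As an added illustration of the defensive pattern behind this class of fix (this is constructed example code, not WordPress code and not from the commenter): a file name that ends up in an anchor’s `title` attribute and link text has to be escaped for that HTML context before it is rendered. The function names and the sample file names below are assumptions made for this example.

```php
<?php
// Added example, not WordPress code: rendering a "recently accessed files"
// list in the admin, first in the unsanitised form the comment describes,
// then with context-appropriate escaping. Function names and sample
// file names are constructed for this illustration.

function render_recent_files_vulnerable(array $files): string {
    $html = '<ul>';
    foreach ($files as $file) {
        // The name is dropped straight into attribute and element context,
        // so a quote or angle bracket in it becomes live markup.
        $html .= '<li><a href="templates.php?file=' . $file
              . '" title="' . $file . '">' . $file . '</a></li>';
    }
    return $html . '</ul>';
}

// ENT_QUOTES escapes both ' and " as well as < > &, so the same helper is
// safe for double- and single-quoted attributes and for element text.
function esc_html_attr(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function render_recent_files_hardened(array $files): string {
    $html = '<ul>';
    foreach ($files as $file) {
        $text  = esc_html_attr($file);   // attribute and text context
        $query = rawurlencode($file);    // URL query-string context
        $html .= '<li><a href="templates.php?file=' . $query
              . '" title="' . $text . '">' . $text . '</a></li>';
    }
    return $html . '</ul>';
}

// Constructed sample: one ordinary theme file and one name carrying markup.
$files = ['sidebar.php', 'header.php"><em>injected</em>'];

$vuln = render_recent_files_vulnerable($files);
$safe = render_recent_files_hardened($files);

// The vulnerable output contains a real <em> element; the hardened output
// only contains the escaped text &lt;em&gt;, so no new element is created.
echo "vulnerable contains live <em>: ", (strpos($vuln, '<em>') !== false ? 'yes' : 'no'), "\n";
echo "hardened contains live <em>:   ", (strpos($safe, '<em>') !== false ? 'yes' : 'no'), "\n";
echo $safe, "\n";
```

The same escaping applies wherever admin-controlled strings are echoed back to other administrators, since the damage in the reported case comes from the rendered page, not from the file being edited.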

  2. Fundraiser says

    January 18, 2007 at 7:10 pm

    A few questions from a blog idiot

    How do you keep the spammers from eating you alive? I’ve seen blogs with nothing but spam postings.

    How do you keep some left-wing extremist from posting racist or defamatory rhetoric? And if you can’t stop them, what are you legally liable for when they do?

    Can viruses be posted to blogs?

The Blog Herald © 2019 Splashpress Media