Telephone Issues

The Wordpress developers have released version 2.8.5 of their popular blogging software. The version is considered a security upgrade and therefor mandatory for all Wordpress blog owners who run their own Wordpress blog (but not those running a blog at Wordpress.com). The developers are calling this released a hardening release as it tightens Wordpress security to make Wordpress blogs more secure than before. The release is also fixing a Trackback denial of service attack that is currently in the wild.

The most important changes in Wordpress 2.8.5 are therefor:

• A fix for the Trackback Denial-of-Service attack that is currently being seen.
• Removal of areas within the code where php code in variables was evaluated.
• Switched the file upload functionality to be whitelisted for all users including Admins.
• Retiring of the two importers of Tag data from old plugins.

Wordpress blogs are currently not announcing the new release. It is expected that this will change in the next hours so that the automatic update option becomes available for Wordpress webmasters who use it to update their website. Webmasters who manually update their blog can visit the Wordpress page to download the latest version of Wordpress. Additional information about the security release are available in the blog post that announced the upgrade.

Tags: wordpress, wordpress security, wordpress update, wordpress upgrade

Related posts

• Wordpress 2.8.2 Security Patch (1)
• Wordpress 2.6.5 Security Update (0)
• Wordpress 2.6.1 released (1)
• Don’t upgrade to Wordpress 2.3 yet (3)
• Wordpress 2.8.3 (1)

This entry was posted on Wednesday, October 21st, 2009 at 2:53 pm and is filed under wordpress security, wordpress upgrade, wordpress update, wordpress, The Web, gHacks. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.