This past Friday I saw a post at CyberNet News about a WordPress vulnerability related to how future dated posts (and drafts?) could be seen by non-authorized folks.
Yesterday a new version (2.3.2) of WordPress was released and Peter Westwood offers details on what’s all involved. Definitely worth a read if you’re curious about what to expect in the new release. Among other things, it does address the above vulnerability.
I want to point out one item that caught my eye:
Support for a custom database down page to be displayed on database connection errors (#5500).
From the announcement post, it seems that your custom database error page should be in wp-content/db-error.php. I sure wish that would’ve been theme specific instead — wouldn’t that be more logical? But still, it’s a nice step and, if nothing else, will offer some creativity to all those digg-killed shared-hosting blogs. 
Possibly Related posts:
December 30th, 2007 
Tags: 
The custom database error page can’t be theme specific [because] WordPress needs database access in order to know what the current theme is.
Oh geeze… ok that makes sense. I guess I didn’t think it all the way through.
Thanks for stopping by and clarifying
during the last few months a few WordPress vulnerabilities were discovered that allowed hackers to inject links into blogs. I find it unbelievable that there is still no solution to this problem.
I heard about the latest wordpress vulnerability from this vulnerability scanner
http://www.beyondsecurity.com/vulnerability-scanner.html
I guess the only way to learn about new vulnerabilities is to wait for someone else to get hurt and to protect yourself as soon as you get the news.