WordPress 2.3.2 Released - Security

Posted on December 30, 2007 | 3 Comments

This past Friday I saw a post at CyberNet News about a WordPress vulnerability related to how future dated posts (and drafts?) could be seen by non-authorized folks.

Yesterday a new version (2.3.2) of WordPress was released and Peter Westwood offers details on what’s all involved. Definitely worth a read if you’re curious about what to expect in the new release. Among other things, it does address the above vulnerability.

I want to point out one item that caught my eye:

Support for a custom database down page to be displayed on database connection errors (#5500).

From the announcement post, it seems that your custom database error page should be in wp-content/db-error.php. I sure wish that would’ve been theme specific instead — wouldn’t that be more logical? But still, it’s a nice step and, if nothing else, will offer some creativity to all those digg-killed shared-hosting blogs. ;-)


Comments

3 Responses to “WordPress 2.3.2 Released - Security”

  1. Peter Westwood on December 30th, 2007 12:20 pm

    The custom database error page can’t be theme specific [because] WordPress needs database access in order to know what the current theme is.

  2. Chris Kasten on December 30th, 2007 12:34 pm

    Oh geeze… ok that makes sense. I guess I didn’t think it all the way through.

    Thanks for stopping by and clarifying :-)

  3. Yair on March 31st, 2008 12:01 pm

    During the last few months a few WordPress vulnerabilities were discovered that allowed hackers to inject links into blogs. I find it unbelievable that there is still no solution to this problem.
    I heard about the latest WordPress vulnerability from this vulnerability scanner
    http://www.beyondsecurity.com/vulnerability-scanner.html
    I guess the only way to learn about new vulnerabilities is to wait for someone else to get hurt and to protect yourself as soon as you get the news.
