Thomas Mackenzie alerted us to a problem where logged in users can peek at trashed posts belonging to other authors. If you have untrusted users signed up on your blog and sensitive posts in the trash, you should upgrade to 2.9.2. As always, you can visit the Tools->Upgrade menu to upgrade.
Author Archives: Ryan Boren
WordPress 2.9.1 Release Candidate 1
Thanks to everyone who tested 2.9.1 Beta 1. We’re following that up with Release Candidate 1. RC1 contains a few more fixes, bringing the number of fixed tickets up to 23. If you are already running Beta 1, visit Tools->Upgrade in your blog’s admin to get RC1. You can also download the RC1 package and [...]
WordPress 2.9.1 Beta 1
Unfortunately, the recent 2.9 release triggered a bug in certain versions of PHP’s curl extension. With these versions of curl, scheduled posts and pingbacks are not processed correctly. To fix this problem as well as a handful of other, lesser issues, we are quickly releasing 2.9.1, the first maintenance release of the 2.9 line. Help [...]
WordPress 2.8.6 Security Release
2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.
The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue [...]
