As most of you have probably already seen in your Dashboard, yesterday afternoon saw the official WordPress 2.6.2 Release. And as mentioned in the comments on my intitial news break on the 2.6.2 Beta, the focus is on two security patches to cover weaknesses in PHP’s random number generation (which affects password encryption strength), and in MySQL’s field length checking. These weren’t (technically) security bugs in WordPress, per se, but in the underlying PHP/MySQL stack. Fortunately, we’re able to route around them. This is mainly a problem if your site allows users to register for a user login, however, I would still recommend this upgrade for all users, just to be on the safe side.
For those of you who are PHP/MySQL developers yourselves, I highly recommend reading Stefan Esser’s explanation of the PHP mt_srand() bug and the MySQL SQL Column Truncation issue. He provides some really good detail of the problems. Stefan is also the developer of the PHP Suhosin module, which provides extra security-related features and protections to PHP.
It’s also important to note that these problems don’t just affect WordPress — many other PHP/MySQL applications could be vulnerable to future problems if they don’t examine and patch their code.
Related posts:
- WordPress 1.5.2 Security FUD
" There is some misleading FUD going around about a vulnerability in WordPress 1.5.2. Let’s get this out of the way plainly: There is not..." - WordPress 2.0 Release imminent
" Just three hours ago, Matt posted this on the wordpress-hackers mailing list: Subject: [wp-hackers] 2.0 Release Wednesday or Thursday, depending on the phase of..." - WordPress 2.0.4
" All WordPress users are encouraged to upgrade to the newest release, WordPress 2.0.4. The new release contains several important security updates, so you are..." - WordPress 2.2.2 Released
" There is a new security & bugfix release: WordPress 2.2.2. There are no new features in this version. Since it is a security release,..." - Important: Upgrade to WordPress 2.1.2
" In the interest of getting the word out as quickly and as widely as possible, a brief word about a new WordPress release: If..."
7 Comments
Hey, did someone change up the post editor? It seems like its missing a whole bunch of stuff now that I’ve upgraded. For instance – where is my add link button gone? I’ve got these nice drop down menus for some things like font size etc, but no linky linky!!!!
Hey, did someone change up the post editor?
I try this version and it’s nice
I still wait for better wersion but this is almost great
Wordpress is my love
it’s great cms – I always wait for new version
You’re quite faster then my Drupal security news
Think it’s about time to switch some of my Drupal sites back to WordPress now…
The new version is great. Not only the security updates, that like we all know have been more than neccessary, but especially the design options are great.
One Trackback
[...] For those of you who are geeky and would like to read the changelog (aka the upgrades) , you may want to click here (WordPress 2.6.2 Release) [...]