As most of you have probably already seen in your Dashboard, yesterday afternoon saw the official WordPress 2.6.2 Release. And as mentioned in the comments on my intitial news break on the 2.6.2 Beta, the focus is on two security patches to cover weaknesses in PHP’s random number generation (which affects password encryption strength), and in MySQL’s field length checking. These weren’t (technically) security bugs in WordPress, per se, but in the underlying PHP/MySQL stack. Fortunately, we’re able to route around them. This is mainly a problem if your site allows users to register for a user login, however, I would still recommend this upgrade for all users, just to be on the safe side.
For those of you who are PHP/MySQL developers yourselves, I highly recommend reading Stefan Esser’s explanation of the PHP mt_srand() bug and the MySQL SQL Column Truncation issue. He provides some really good detail of the problems. Stefan is also the developer of the PHP Suhosin module, which provides extra security-related features and protections to PHP.
It’s also important to note that these problems don’t just affect WordPress — many other PHP/MySQL applications could be vulnerable to future problems if they don’t examine and patch their code.
Pingback: Wordpress 2.6.2 Upgrade | Prasys' Blog
Hey, did someone change up the post editor? It seems like its missing a whole bunch of stuff now that I’ve upgraded. For instance – where is my add link button gone? I’ve got these nice drop down menus for some things like font size etc, but no linky linky!!!!
Hey, did someone change up the post editor?
I try this version and it’s nice
I still wait for better wersion but this is almost great
WordPress is my love
it’s great cms – I always wait for new version
You’re quite faster then my Drupal security news
Think it’s about time to switch some of my Drupal sites back to WordPress now…
The new version is great. Not only the security updates, that like we all know have been more than neccessary, but especially the design options are great.