Category Archives: Security


Snoopy PHP Webclient Security

There is a security advisory out regarding a Snoopy PHP Webclient vulnerability. Since WordPress uses Snoopy internally, we immediately double-checked to be sure that WP isn’t affected. It’s not.

WordPress uses Snoopy internally to fetch RSS feeds for display in the Dashboard. [...]

WordPress 1.5.2 Security FUD

There is some misleading FUD going around about a vulnerability in WordPress 1.5.2.

Let’s get this out of the way plainly: There is not a code execution vulnerability in WordPress 1.5.2.

Now, a little more explanation of how this came into question: There was some communication between the person who discovered the problem (Stefan Esser, to the best of my knowledge) and Matt. [...]

WordPress 1.5.2

Announcing WordPress 1.5.2, now available for download. Owen Winkler has a good plain-English description of the changes.

There is a security-related bugfix in this release, which affects servers that have register_globals turned on (which you shouldn’t). [...]
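To show why register_globals is the setting to turn off, here is an added example (not the WordPress 1.5.2 fix, and not code from the 1.5.2 release) that simulates what register_globals=On does, copying every request parameter into the global scope, and contrasts the classic weak pattern with the hardened one. The user/password values and the `authorized` flag name are made up for the illustration.

```php
<?php
// Added illustration, not the WordPress 1.5.2 patch. simulate_register_globals()
// mimics PHP's register_globals=On behaviour so the bypass can be seen
// without changing php.ini.

function simulate_register_globals(array $request) {
    foreach ($request as $name => $value) {
        $GLOBALS[$name] = $value;   // exactly what register_globals=On does
    }
}

// Weak pattern: assumes $authorized is unset unless the credential check
// below sets it. With register_globals on, ?authorized=1 pre-sets it.
function weak_admin_gate($user, $pass) {
    global $authorized;
    if ($user === 'admin' && $pass === 'correct horse') {   // made-up credentials
        $authorized = true;
    }
    return !empty($authorized);
}

// Hardened pattern: initialise the flag before use and read input only
// from the request array, never from ambient globals.
function fixed_admin_gate(array $request) {
    $authorized = false;
    $user = isset($request['user']) ? $request['user'] : '';
    $pass = isset($request['pass']) ? $request['pass'] : '';
    if ($user === 'admin' && $pass === 'correct horse') {
        $authorized = true;
    }
    return $authorized;
}

// Constructed request: wrong credentials plus an injected "authorized" parameter.
$request = array('user' => 'nobody', 'pass' => 'wrong', 'authorized' => '1');
simulate_register_globals($request);

var_dump(weak_admin_gate($request['user'], $request['pass']));  // bool(true): bypassed
var_dump(fixed_admin_gate($request));                            // bool(false)
```

The code-level fix (initialise before use, read from `$_GET`/`$_POST`) protects a single script; the server-level fix is to disable the setting everywhere, for example with `register_globals = Off` in php.ini or `php_flag register_globals off` in a .htaccess file under mod_php.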

WordPress 1.5.1.3

An important security issue was brought to our attention which required an update for our users. You should update your blog as soon as possible to WordPress 1.5.1.3. If you are unable to do the upgrade in the short-term you may protect yourself by deleting the xmlrpc.php file from your WordPress directory.

WordPress Security Update

We were recently notified of a SQL injection bug in the WordPress code. Matt patched the code and updated the archive on the downloads page last night. All users are encouraged to upgrade to WordPress 1.5.1.2.

The patch is very simple (it just requires one new line of code in the get_category_by_ID() function), so if you don’t want to upgrade your whole installation, you can follow the instructions in the announcement. [...]
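As an added illustration of the kind of one-line fix described above (this is not the WordPress 1.5.1.2 patch and not WordPress code; the table name, the fake `$db` object and the query shape are assumptions), here is a get_category_by_ID()-style lookup that interpolates its argument straight into SQL, next to the same function with an integer cast added:

```php
<?php
// Added example, not the WordPress patch. FakeDb records the query that
// would reach MySQL so the two versions can be compared offline.
class FakeDb {
    public $last_query;
    public function get_row($sql) {
        $this->last_query = $sql;
        return null;
    }
}

// Vulnerable shape: $cat_ID flows into the query unchanged, so a string
// containing SQL is executed as SQL.
function get_category_by_ID_vulnerable($db, $cat_ID) {
    return $db->get_row("SELECT * FROM wp_categories WHERE cat_ID = $cat_ID LIMIT 1");
}

// Hardened: the single added line forces an integer. Anything after the
// leading digits is dropped, so an injected tail never reaches the database.
function get_category_by_ID_fixed($db, $cat_ID) {
    $cat_ID = (int) $cat_ID;
    return $db->get_row("SELECT * FROM wp_categories WHERE cat_ID = $cat_ID LIMIT 1");
}

$db = new FakeDb();
// Constructed malicious input of the UNION-based kind.
$evil = "1 UNION SELECT user_login, user_pass, 1, 1, 1 FROM wp_users";

get_category_by_ID_vulnerable($db, $evil);
echo $db->last_query, "\n";   // the UNION is sent to the database

get_category_by_ID_fixed($db, $evil);
echo $db->last_query, "\n";   // ... WHERE cat_ID = 1 LIMIT 1
```

The cast works here because a category ID can only ever be an integer; for string columns the equivalent defence is escaping or, better, a prepared statement, not a cast.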

Plugin: SpamForceField

SpamForceField is my newest anti-spam plugin for WordPress. This one does a couple of interesting things:

  • All connections via pinappleproxy are denied.
  • Every connection’s Referer is checked against your blacklist keys. If a match is found, the connection is denied.
  • If a comment is flagged as ’spam’ due to the normal spam checks, the client receives a 403 Forbidden HTTP status. This also occurs for connections denied in the other two checks above.
  • When connections are denied, the client receives a message explaining what has occurred. [...]
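The following is an added sketch of the three checks listed above, written as a standalone function rather than taken from the SpamForceField plugin. It assumes the proxy is recognised by its name appearing in the User-Agent or Via header, that the blacklist is a simple list of substrings, and that denial means a 403 with a plain-text explanation; all of those are assumptions for the illustration.

```php
<?php
// Added illustration of SpamForceField-style checks; not the plugin's own code.

// Send a 403 with a short explanation and stop processing the request.
function deny_request($reason) {
    header('HTTP/1.0 403 Forbidden');
    header('Content-Type: text/plain');
    echo "Request denied: $reason\n";
    exit;
}

// Returns a denial reason, or null when the request passes all checks.
// $headers: request headers keyed by name; $blacklist_keys: blacklist
// substrings; $flagged_as_spam: result of the blog's normal spam checks.
function spam_forcefield_check(array $headers, array $blacklist_keys, $flagged_as_spam) {
    $ua  = isset($headers['User-Agent']) ? strtolower($headers['User-Agent']) : '';
    $via = isset($headers['Via']) ? strtolower($headers['Via']) : '';

    // Check 1 (assumed detection method): deny the proxy by name.
    if (strpos($ua, 'pinappleproxy') !== false || strpos($via, 'pinappleproxy') !== false) {
        return 'connections via pinappleproxy are not accepted';
    }

    // Check 2: compare the Referer against every blacklist key.
    $referer = isset($headers['Referer']) ? strtolower($headers['Referer']) : '';
    foreach ($blacklist_keys as $key) {
        $key = trim(strtolower($key));
        if ($key !== '' && strpos($referer, $key) !== false) {
            return "Referer matches blacklist entry '$key'";
        }
    }

    // Check 3: anything the normal spam checks flagged gets the same 403.
    if ($flagged_as_spam) {
        return 'comment was classified as spam';
    }
    return null;
}

// Constructed sample request: a spammy Referer with an ordinary User-Agent.
$headers = array(
    'User-Agent' => 'Mozilla/4.0 (compatible; MSIE 6.0)',
    'Referer'    => 'http://cheap-pills.example/landing',
);
$blacklist = array('cheap-pills', 'casino', 'poker');

$reason = spam_forcefield_check($headers, $blacklist, false);
if ($reason !== null) {
    deny_request($reason);   // 403 Forbidden: Referer matches blacklist entry 'cheap-pills'
}
```

Matching on lower-cased substrings keeps the check cheap, but it also means a short blacklist key can match legitimate referers, so keys should be specific enough to avoid blocking real readers.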

Microsoft announces upcoming IE7 release

Despite previous proclamations that there would be no new version of Internet Explorer until their next-generation operating system, codenamed “Longhorn”, is released, Microsoft has recently reversed that position and announced that it will be working on Internet Explorer 7, which will be more focused on fixing security problems.

Too little, too late.

The King is dead. [...]

Server update

Earlier today, I upgraded the webserver on this box to the latest versions of Apache, PHP, mod_ssl, and a few other things. I still need to go back and do some tweaking, since a lot of the configuration file paths were different from my previous compiles. Currently, I’ve got a hodgepodge of symbolic links and config file hacks acting as a band-aid. If you notice anything misbehaving, please let me know.