Jump to content
Sign in to follow this  
Followers 0

Wordpress 2.3.3

17 posts in this topic

Posted

As most will know if you log into your blog using Wordpress that theres an update but incase you don't...
[quote name='Wordpress']WordPress 2.3.3 is an urgent security release. If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can get the entire release here.

Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an update is available from its author.

Since we are talking security, remember to use strong passwords and change them regularly. While you

Share this post


Link to post
Share on other sites

Posted

Thanks (Y). Fix applied.

Share this post


Link to post
Share on other sites

Posted

Saw this, but thanks. One of the drawbacks of being one of the most disliked moderators here is that I have to update immediately or wind up screwed lol.

Share this post


Link to post
Share on other sites

Posted

[quote name='bangbang023' post='589188527' date='Feb 6 2008, 03:00']Saw this, but thanks. One of the drawbacks of being one of the most disliked moderators here is that I have to update immediately or wind up screwed lol.[/quote]

:|

Would people that low to do stuff like that?

I update all the time now never used to update with the small fixes.

Share this post


Link to post
Share on other sites

Posted

[quote name='Rappy' post='589188557' date='Feb 5 2008, 22:15']:|

Would people that low to do stuff like that?

I update all the time now never used to update with the small fixes.[/quote]
Lol, you'd be surprised. If it's not spamming the hell out of the site, it's trying various exploits. You should see the log of how many attempts were made recently to use some kind of URL exploit.

Back on topic, though, I'm very anxious to see what 2.5 brings to the table.

Share this post


Link to post
Share on other sites

Posted

Thanks for the info.
Is there a changed files link?

Share this post


Link to post
Share on other sites

Posted

[quote name='bangbang023' post='589188562' date='Feb 6 2008, 03:20']Lol, you'd be surprised. If it's not spamming the hell out of the site, it's trying various exploits. You should see the log of how many attempts were made recently to use some kind of URL exploit.

Back on topic, though, I'm very anxious to see what 2.5 brings to the table.[/quote]
I've got a plugin called 4040 notifier installed and it logs loads of failed attempts at exploits. My blog doesn't get massive amount of traffic, but at least 10% is people trying exploits.

Share this post


Link to post
Share on other sites

Posted

[quote name='Echilon' post='589190183' date='Feb 6 2008, 16:05']I've got a plugin called 4040 notifier installed and it logs loads of failed attempts at exploits. My blog doesn't get massive amount of traffic, but at least 10% is people trying exploits.[/quote]
I figured most of them are random attackers, but there's a reason I had to remove the shoutbox lol. People from here tend to get really ****y when I have to issue a warning.

Share this post


Link to post
Share on other sites

Posted

[quote name='bangbang023' post='589190229' date='Feb 6 2008, 21:29']I figured most of them are random attackers, but there's a reason I had to remove the shoutbox lol. People from here tend to get really ****y when I have to issue a warning.[/quote]

Sometimes you see yourself as a kindergarten employee, don't you..? :p
I'm sure I would..

Share this post


Link to post
Share on other sites

Posted

Thanks for the information. Updated my son's blog while I was at it.

Share this post


Link to post
Share on other sites

Posted

Cheers, I installed this to make it a little easier...

[url="http://www.zirona.com/software/wordpress-instant-upgrade/"]http://www.zirona.com/software/wordpress-instant-upgrade/[/url]

Works really well, especially if you don't always have access to download+ftp facilities

Share this post


Link to post
Share on other sites

Posted

[quote name='lunamonkey' post='589190574' date='Feb 6 2008, 23:52']Cheers, I installed this to make it a little easier...

[url="http://www.zirona.com/software/wordpress-instant-upgrade/"]http://www.zirona.com/software/wordpress-instant-upgrade/[/url]

Works really well, especially if you don't always have access to download+ftp facilities[/quote]

Yeah, been using it for a while now! (Y)

Share this post


Link to post
Share on other sites

Posted

Is that automatic upgrade process reliable... unless Wordpress got rights to it and licenced it under its own future releases, I won't be relying upgrading on a plugin. A hassle yes.

Share this post


Link to post
Share on other sites

Posted

I don't mind the upgrade process actually and I find it "scary" to use a plug-in for updating. This will need you CHMOD your files to 0777 not?

Share this post


Link to post
Share on other sites

Posted

[quote name='sundayx' post='589190641' date='Feb 6 2008, 23:24']Is that automatic upgrade process reliable... unless Wordpress got rights to it and licenced it under its own future releases, I won't be relying upgrading on a plugin. A hassle yes.[/quote]

Well It just downloads the latest zip file, and extracts it over the directory.

I does the same thing as I would do over FTP. So I don't see how it can go wrong. (Or more wrong than me doing it) :p

Share this post


Link to post
Share on other sites

Posted

[quote name='zer0day' post='589189473' date='Feb 6 2008, 11:00']Thanks for the info.
Is there a changed files link?[/quote]

[url="http://trac.wordpress.org/changeset?old_path=tags%2F2.3.2&old=6744&new_path=tags%2F2.3.3&new=6744"]http://trac.wordpress.org/changeset?old_pa....3&new=6744[/url]

Scroll to the bottom and download the zip archive. :)

Share this post


Link to post
Share on other sites

Posted

Thanks.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.