Greenguy's Board


FuckingBastard 2009-07-20 08:56 AM

WordPress 2.8.2 is available! Please update now.
 
damn. what a fucking waste of time.

PS: WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site :D:D

nate 2009-07-20 09:49 AM

it's worse than linux!

LD 2009-07-20 10:05 AM

That auto upgrade thingie has quit working for me. Worked great at first, but on the last two updates it failed, and I had to download the files and do it the old way. Not a biggie, but I was wondering if they changed something...(?)

cd34 2009-07-20 10:11 AM

I never understood why wordpress tries to fix input rather than validate and reject. It isn't as if there aren't a bazillion regexps out there to validate a URL. And, their patch is to sanitize some more.

Short of the kernel exploit released last Friday? When was the last security bug in linux? Or are you talking about applications that run under linux?
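
The validate-and-reject approach cd34 describes for comment author URLs, as an added example that is not part of the thread and is not WordPress code (WordPress is PHP; this sketch is Python). The function names, the 200-character limit and the sample URLs in the test are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Characters that never belong in a stored author URL:
# control characters, space, quotes, angle brackets, backslash, backtick.
FORBIDDEN = re.compile(r"[\x00-\x20\x7f\"'<>\\`]")
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$",
    re.I,
)


def validate_author_url(raw):
    """Return raw unchanged if it is acceptable, else None. Nothing is repaired."""
    if not isinstance(raw, str) or not raw or len(raw) > 200:
        return None
    if FORBIDDEN.search(raw):
        return None
    try:
        parts = urlsplit(raw)
        _ = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return None
    if parts.username is not None or parts.password is not None:
        return None
    if not HOSTNAME.match(parts.hostname or ""):
        return None
    return raw


def render_author_link(name, stored_url):
    """Escape at output too, so a value stored before validation existed stays inert."""
    safe_name = html.escape(name, quote=True)
    url = validate_author_url(stored_url)
    if url is None:
        return safe_name  # show the name only, with no link
    return '<a href="{}" rel="nofollow">{}</a>'.format(
        html.escape(url, quote=True), safe_name
    )
```

A rejected URL is dropped rather than rewritten, so there is no "almost clean" value left for a later sanitizer to get wrong.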

cd34 2009-07-20 10:14 AM

Quote:

Originally Posted by LusciousDelight (Post 457907)
That auto upgrade thingie has quit working for me. Worked great at first, but on the last two updates it failed, and I had to download the files and do it the old way. Not a biggie, but I was wondering if they changed something...(?)

yes, they changed two things which break it on systems that don't run setuid. Plugin updating still works, but not the main wordpress because they ripped out a bunch of code and decided to save the fetched file in a directory inaccessible unless you have your FTP server set up to allow someone to skim all around the system.

Why they maintain two separate systems to perform the same function, I don't know.

LD 2009-07-20 10:34 AM

Quote:

Originally Posted by cd34 (Post 457910)
yes, they changed two things which break it on systems that don't run setuid. Plugin updating still works, but not the main wordpress because they ripped out a bunch of code and decided to save the fetched file in a directory inaccessible unless you have your FTP server set up to allow someone to skim all around the system.

Why they maintain two separate systems to perform the same function, I don't know.

Well that explains it...I mean it seems to fetch the files, but then couldn't open them to do the upgrade. Not a big deal, just seems like their updates always have unwanted "side effects"...:)

walrus 2009-07-20 11:22 AM

Welcome to the wonderful world of wordpress!

nate 2009-07-21 08:17 AM

Quote:

Short of the kernel exploit released last Friday? When was the last security bug in linux? Or are you talking about applications that run under linux?

I've seen 3 kernel updates this year, and lots more updates on core applications. And weekly updates on lots of other stuff. I'm more in the "linux is a distro" camp instead of the "linux is a kernel" camp.

cd34 2009-08-03 08:13 PM

WordPress 2.8.3 Security Release
Posted August 3, 2009 by Ryan Boren. Filed under Releases.

Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. Several folks in the community dug deeper and discovered areas that were overlooked. With their help, the remaining issues are fixed in 2.8.3. Since this is a security release, upgrading is highly recommended. Download 2.8.3, or upgrade automatically from your admin.

babymaker 2009-08-04 03:59 PM

saw 2.8.4 now too yesterday jesus.............they update more than my virus software it's getting crazy :(

walrus 2009-08-05 10:57 AM

Quote:

Originally Posted by babymaker (Post 459647)
saw 2.8.4 now too yesterday jesus.............they update more than my virus software it's getting crazy :(

It's been crazy for awhile now. It would be nice if the script got beta tested before they started telling everyone they had to update.

LeRoy 2009-08-07 07:46 PM

Rant time |thumb

I think it sux right now. Can't get used to the drag and drop widgets.

Useless 2009-08-08 10:59 AM

Don't say anything unflattering about WordPress unless you want to argue with some unknown newbie. |loony|
(If you don't know what I'm referring to, just ignore this.)

cd34 2009-08-13 03:45 PM

http://wordpress.org/development/200...urity-release/

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

I'm not sure if it is worth upgrading specifically for this, but, if you're not in the 2.8.x series, it would be worth upgrading.
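
An added illustration of the class of check described in the announcement quoted above; it is not part of the thread and is not WordPress code. It assumes that accounts with no pending reset store an empty key and that the lookup matched on the key alone; the user table, function names and 20-character minimum are constructed for the example.

```python
import hmac

# Constructed sample table: "" means no reset was requested for that account.
USERS = [
    {"login": "admin", "reset_key": ""},
    {"login": "alice", "reset_key": "k3Jx9QmT2vLp8ZsR4wYb"},
    {"login": "bob", "reset_key": ""},
]


def find_by_key_naive(users, supplied_key):
    """Before: trusts any supplied value, so a blank key matches a blank column."""
    for user in users:
        if user["reset_key"] == supplied_key:
            return user["login"]
    return None


def find_by_key_checked(users, login, supplied_key, min_len=20):
    """After: reject malformed keys first, then compare for one named account only."""
    if not isinstance(supplied_key, str) or len(supplied_key) < min_len:
        return None
    for user in users:
        if user["login"] != login:
            continue
        stored = user["reset_key"]
        # An empty stored key means "no reset pending" and can never match.
        if stored and hmac.compare_digest(stored.encode(), supplied_key.encode()):
            return user["login"]
    return None
```

With the constructed table, the naive lookup returns the first account that has no key when given a blank value, which matches the behaviour the announcement describes; the checked version returns a login only for a well-formed key that belongs to the named account.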


All times are GMT -4.