Greenguy's Board


Old 2009-07-20, 08:56 AM   #1
FuckingBastard
Ahhh ... sweet pity. Where would my love life be without it?
 
Join Date: Aug 2008
Location: Fluffy Land
Posts: 200
WordPress 2.8.2 is available! Please update now.

Damn. What a fucking waste of time.

PS: WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site.
Old 2009-07-20, 09:49 AM   #2
nate
I can now put whatever you want in this space :)
 
Join Date: Mar 2009
Location: Merica!
Posts: 543
It's worse than Linux!
Old 2009-07-20, 10:05 AM   #3
LD
wtfwjd?
 
Join Date: May 2007
Posts: 2,103
That auto upgrade thingie has quit working for me. Worked great at first, but on the last two updates it failed, and I had to download the files and do it the old way. Not a biggie, but I was wondering if they changed something...(?)
Old 2009-07-20, 10:11 AM   #4
cd34
a.k.a. Sparky
 
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
I never understood why WordPress tries to fix input rather than validate and reject. It isn't as if there aren't a bazillion regexps out there to validate a URL. And their patch is to sanitize some more.

Short of the kernel exploit released last Friday? When was the last security bug in Linux? Or are you talking about applications that run under Linux?
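An added example (not part of the thread and not WordPress's own code) of the validate-and-reject approach cd34 describes, applied to a comment author URL: the value is accepted only if it parses as an absolute http/https URL, and it is still HTML-escaped when rendered. The function names and sample inputs are constructed for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not WordPress APIs.

/** Return $url unchanged if acceptable, or null to reject. Nothing is repaired. */
function validate_author_url($url)
{
    if (!is_string($url) || $url === '' || strlen($url) > 2048) {
        return null;
    }
    // Control characters, whitespace, quotes and angle brackets: reject outright.
    if (preg_match('/[\x00-\x20\x7f"\'<>]/', $url)) {
        return null;
    }
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return null;
    }
    // Scheme allow-list: only http and https are ever linked.
    $scheme = isset($parts['scheme']) ? strtolower($parts['scheme']) : '';
    if (!in_array($scheme, array('http', 'https'), true)) {
        return null;
    }
    return $url;
}

/** Build the author cell for an admin screen; escape even validated values. */
function render_author_link($url, $name)
{
    $safe_name = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    $valid = validate_author_url($url);
    if ($valid === null) {
        return $safe_name;   // rejected URL: plain name, no link
    }
    $href = htmlspecialchars($valid, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $href . '" rel="nofollow">' . $safe_name . '</a>';
}

// Constructed sample inputs: two acceptable URLs, then four that are rejected.
$samples = array('http://example.com/blog', 'https://example.org/?a=1&b=2',
    'javascript:void(0)', 'http://example.com/"><b>x', 'example.com', '');
foreach ($samples as $s) {
    echo var_export($s, true), ' => ', render_author_link($s, 'visitor'), "\n";
}
```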
Old 2009-07-20, 10:14 AM   #5
cd34
a.k.a. Sparky
 
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
Quote:
Originally Posted by LusciousDelight View Post
That auto upgrade thingie has quit working for me. Worked great at first, but on the last two updates it failed, and I had to download the files and do it the old way. Not a biggie, but I was wondering if they changed something...(?)
Yes, they changed two things which break it on systems that don't run setuid. Plugin updating still works, but not the main WordPress because they ripped out a bunch of code and decided to save the fetched file in a directory inaccessible unless you have your FTP server set up to allow someone to skim all around the system.

Why they maintain two separate systems to perform the same function, I don't know.
Old 2009-07-20, 10:34 AM   #6
LD
wtfwjd?
 
Join Date: May 2007
Posts: 2,103
Quote:
Originally Posted by cd34 View Post
Yes, they changed two things which break it on systems that don't run setuid. Plugin updating still works, but not the main WordPress because they ripped out a bunch of code and decided to save the fetched file in a directory inaccessible unless you have your FTP server set up to allow someone to skim all around the system.

Why they maintain two separate systems to perform the same function, I don't know.
Well that explains it... I mean it seems to fetch the files, but then couldn't open them to do the upgrade. Not a big deal, just seems like their updates always have unwanted "side effects"...
Old 2009-07-20, 11:22 AM   #7
walrus
Oh no, I'm sweating like Roger Ebert
 
Join Date: May 2005
Location: Los Angeles
Posts: 1,773
Welcome to the wonderful world of WordPress!
Old 2009-07-21, 08:17 AM   #8
nate
I can now put whatever you want in this space :)
 
Join Date: Mar 2009
Location: Merica!
Posts: 543
Quote:
Short of the kernel exploit released last Friday? When was the last security bug in Linux? Or are you talking about applications that run under Linux?
I've seen 3 kernel updates this year, and lots more updates on core applications. And weekly updates on lots of other stuff. I'm more in the "Linux is a distro" camp instead of the "Linux is a kernel" camp.
Old 2009-08-03, 08:13 PM   #9
cd34
a.k.a. Sparky
 
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
WordPress 2.8.3 Security Release
Posted August 3, 2009 by Ryan Boren. Filed under Releases.

Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. Several folks in the community dug deeper and discovered areas that were overlooked. With their help, the remaining issues are fixed in 2.8.3. Since this is a security release, upgrading is highly recommended. Download 2.8.3, or upgrade automatically from your admin.
Old 2009-08-04, 03:59 PM   #10
babymaker
Someone Turn Off The Damn Heat!
 
Join Date: Aug 2003
Location: The Sewer....err.philly i mean
Posts: 1,366
Saw 2.8.4 now too yesterday, jesus... they update more than my virus software, it's getting crazy.
Old 2009-08-05, 10:57 AM   #11
walrus
Oh no, I'm sweating like Roger Ebert
 
Join Date: May 2005
Location: Los Angeles
Posts: 1,773
Quote:
Originally Posted by babymaker View Post
Saw 2.8.4 now too yesterday, jesus... they update more than my virus software, it's getting crazy.
It's been crazy for a while now. It would be nice if the script got beta tested before they started telling everyone they had to update.
Old 2009-08-07, 07:46 PM   #12
LeRoy
"Young dumb and full of cum"
 
Join Date: Jun 2007
Location: Porn Valley
Posts: 2,372
Rant time

I think it sux right now. Can't get used to the drag and drop widgets.
Old 2009-08-08, 10:59 AM   #13
Useless
Certified Nice Person
 
Join Date: Oct 2003
Location: Dirty Undies, NY
Posts: 11,268
Don't say anything unflattering about WordPress unless you want to argue with some unknown newbie.
(If you don't know what I'm referring to, just ignore this.)
Old 2009-08-13, 03:45 PM   #14
cd34
a.k.a. Sparky
 
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
http://wordpress.org/development/200...urity-release/

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

I'm not sure if it is worth upgrading specifically for this, but, if you're not in the 2.8.x series, it would be worth upgrading.
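An added example (not from the thread and not WordPress's own code) of the kind of check the quoted advisory says was bypassed: a reset is honoured only for a well-formed, non-empty string key that matches a non-empty stored key, so an account "without a key in the database" can never be selected. The user records, key format and function name are constructed for illustration.

```php
<?php
// Added illustration; data layout, key format and names are hypothetical.

/**
 * Return the login whose stored reset key matches $key, or null.
 * Accounts with an empty stored key have no reset pending and never match.
 */
function find_user_for_reset(array $users, $key)
{
    // Request parameters are not guaranteed to be strings or to be present:
    // accept only a plain string of the exact expected shape.
    if (!is_string($key) || !preg_match('/\A[A-Za-z0-9]{20}\z/', $key)) {
        return null;
    }
    foreach ($users as $user) {
        $stored = $user['reset_key'];
        if (!is_string($stored) || $stored === '') {
            continue;                        // no reset was requested
        }
        if (hash_equals($stored, $key)) {    // constant-time comparison
            return $user['login'];
        }
    }
    return null;
}

// Constructed sample data: admin never asked for a reset, alice did.
$users = array(
    array('login' => 'admin', 'reset_key' => ''),
    array('login' => 'alice', 'reset_key' => 'Zk3p9QwLx7Tn2Vb8Hs4R'),
);

// One valid key, then malformed, missing, wrong-type and wrong-value keys.
$requests = array('Zk3p9QwLx7Tn2Vb8Hs4R', '', null, array(), str_repeat('A', 20));
foreach ($requests as $k) {
    $who = find_user_for_reset($users, $k);
    echo var_export($k, true), ' => ', var_export($who, true), "\n";
}
```

Only the first request resolves to an account (`alice`); every other input, including the empty and non-string ones, returns `NULL` and `admin` is never selected.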