WORDPRESS USERS - Security Update! - GoFuckYourself.com

Jace · 01-15-2007, 04:54 PM

http://wordpress.org/download/

http://wordpress.org/development/2007/01/wordpress-207/

Recently a bug in certain versions of PHP came to our attention that could cause a security vulnerability in your blog. We?re able to work around it fairly easily, so we?ve decided to release 2.0.7 to fix the PHP security problem and the Feedburner issue that was in 2.0.6. It is recommended that everyone running WordPress 2.0.6 or lower upgrade to this new version.

Because this is a much smaller update than previous versions, you do not have to update all of WordPress? files if you?re upgrading from version 2.0.6. Here is the list of files that have changed since 2.0.6:

* wp-admin/inline-uploading.php
* wp-admin/post.php
* wp-includes/classes.php
* wp-includes/functions.php
* wp-settings.php
* wp-includes/version.php

We know it sucks to have a release only 10 days after our last one, but we think it?s important enough for your blog to be secure to do it, and hopefully only having to change a few files will make the upgrade easier than normal.

Here are the changes that have been made since 2.0.6:

* Security fix for wp_unregister_GLOBALS() to work around the zend_hash_del_key_or_index bug in PHP 4 versions less than 4.4.3 and PHP 5 versions less than 5.1.4 with register_globals set to ?On.?
* Feeds now properly serve 304 Not Modified headers instead of mismatched 200/304 headers (a.k.a. the FeedBurner bug).
* Backport of another 304 Not Modified fix from WordPress 2.1
* Deleting WordPress Pages no longer gives an ?Are You Sure?? prompt.
* After deleting a WordPress Page, you are now properly redirected to the Edit Pages screen.
* Sending an image at original size in Internet Explorer no longer adds an incorrect ?height? attribute.

And just as a reminder, the next major version of WordPress (2.1) is due out by the end of the month, but the 2.0 branch of WordPress will continue to be maintained for several years.

Dirty F · 01-15-2007, 04:55 PM

Sucks if you have 500 blogs.

woj · 01-15-2007, 04:57 PM

lame, only a week has passed since the last update...

Jace · 01-15-2007, 04:58 PM

Quote:

Originally Posted by Dirty Franck

Sucks if you have 500 blogs.

heh, yeah, no shit

fantastico is nice for that though, but still annoying as shit

Jace · 01-15-2007, 04:59 PM

Quote:

Originally Posted by woj

lame, only a week has passed since the last update...

yeah, it seemed like the last update was just a few days ago

luckily this one is just a drop and replace

Sarah_Jayne · 01-15-2007, 04:59 PM

Well, I guess I know what I am doing tomorrow.

ucv.karl · 01-15-2007, 05:05 PM

Quote:

Originally Posted by woj

lame, only a week has passed since the last update...

And this gem.

"And just as a reminder, the next major version of WordPress (2.1) is due out by the end of the month, but the 2.0 branch of WordPress will continue to be maintained for several years."

Scroto · 01-15-2007, 05:05 PM

just finished updating...again

Jace · 01-15-2007, 05:11 PM

Quote:

Originally Posted by ucv.karl

And this gem.

"And just as a reminder, the next major version of WordPress (2.1) is due out by the end of the month, but the 2.0 branch of WordPress will continue to be maintained for several years."

OMFG

haha, what a bunch of tools

RawAlex · 01-15-2007, 05:14 PM

These guys need to learn how to do live updates. This constant updating and patching bullshit is turning their product into work.

StarkReality · 01-15-2007, 05:20 PM

Argh...paching is nice, but if it continues this way, we'll get daily updates and I'll hire a wordpress updater...

JD · 01-15-2007, 05:24 PM

i'll just wait for end of the month update

Babaganoosh · 01-16-2007, 12:06 AM

Quote:

Originally Posted by RawAlex

These guys need to learn how to do live updates. This constant updating and patching bullshit is turning their product into work.

Yeah, for what you paid for it I would complain too.

martinsc · 01-16-2007, 12:09 AM

thanks for the heads up

tenderobject · 01-18-2007, 04:50 AM

hey jace, this only affects wordpress 2.0.6 version or all the wordpress version need to be upgraded?

cachondo · 01-18-2007, 04:54 AM

My blog site has hacked, shit!

Bliggo · 01-18-2007, 04:59 AM

Quote:

Originally Posted by tenderobject

hey jace, this only affects wordpress 2.0.6 version or all the wordpress version need to be upgraded?

This applies to all versions as .0.5 fixed stuff from 0.4 which fixed stuff from 0.3 etc etc.

ps I used version numbers for example only.

01-15-2007, 04:54 PM	#1
Jace FBOP Class Of 2013 Industry Role: Join Date: Jan 2004 Location: bumfuck, ky Posts: 35,562	WORDPRESS USERS - Security Update! http://wordpress.org/download/ http://wordpress.org/development/2007/01/wordpress-207/ Recently a bug in certain versions of PHP came to our attention that could cause a security vulnerability in your blog. We?re able to work around it fairly easily, so we?ve decided to release 2.0.7 to fix the PHP security problem and the Feedburner issue that was in 2.0.6. It is recommended that everyone running WordPress 2.0.6 or lower upgrade to this new version. Because this is a much smaller update than previous versions, you do not have to update all of WordPress? files if you?re upgrading from version 2.0.6. Here is the list of files that have changed since 2.0.6: * wp-admin/inline-uploading.php * wp-admin/post.php * wp-includes/classes.php * wp-includes/functions.php * wp-settings.php * wp-includes/version.php We know it sucks to have a release only 10 days after our last one, but we think it?s important enough for your blog to be secure to do it, and hopefully only having to change a few files will make the upgrade easier than normal. Here are the changes that have been made since 2.0.6: * Security fix for wp_unregister_GLOBALS() to work around the zend_hash_del_key_or_index bug in PHP 4 versions less than 4.4.3 and PHP 5 versions less than 5.1.4 with register_globals set to ?On.? * Feeds now properly serve 304 Not Modified headers instead of mismatched 200/304 headers (a.k.a. the FeedBurner bug). * Backport of another 304 Not Modified fix from WordPress 2.1 * Deleting WordPress Pages no longer gives an ?Are You Sure?? prompt. * After deleting a WordPress Page, you are now properly redirected to the Edit Pages screen. * Sending an image at original size in Internet Explorer no longer adds an incorrect ?height? attribute. And just as a reminder, the next major version of WordPress (2.1) is due out by the end of the month, but the 2.0 branch of WordPress will continue to be maintained for several years.

01-15-2007, 04:57 PM	#3
woj <&(©¿©)&> Industry Role: Join Date: Jul 2002 Location: Chicago Posts: 47,882	lame, only a week has passed since the last update... __________________ Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000 Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager

01-16-2007, 12:09 AM	#14
martinsc Too lazy to set a custom title Industry Role: Join Date: Jun 2005 Location: 127.0.0.1 Posts: 27,047	thanks for the heads up __________________ Make Money

01-18-2007, 04:50 AM	#15
tenderobject Need Designs? 312352846 Industry Role: Join Date: Dec 2004 Location: Somewhere Posts: 11,684	hey jace, this only affects wordpress 2.0.6 version or all the wordpress version need to be upgraded? __________________ NEED DESIGNS?!?

01-15-2007, 04:55 PM	#2
Dirty F Too lazy to set a custom title Industry Role: Join Date: Jul 2001 Posts: 59,204	Sucks if you have 500 blogs.

01-15-2007, 04:59 PM	#6
Sarah_Jayne Now with more Jayne Industry Role: Join Date: Dec 2002 Location: Los Angeles Posts: 40,077	Well, I guess I know what I am doing tomorrow.

01-15-2007, 05:05 PM	#8
Scroto Confirmed User Join Date: Nov 2005 Posts: 2,804	just finished updating...again

01-15-2007, 05:14 PM	#10
RawAlex So Fucking Banned Join Date: Oct 2003 Location: In a house. Posts: 9,465	These guys need to learn how to do live updates. This constant updating and patching bullshit is turning their product into work.

01-15-2007, 05:20 PM	#11
StarkReality Confirmed User Join Date: May 2004 Location: 4 8 15 16 23 42 Posts: 4,444	Argh...paching is nice, but if it continues this way, we'll get daily updates and I'll hire a wordpress updater...

01-15-2007, 05:24 PM	#12
JD Too lazy to set a custom title Industry Role: Join Date: Sep 2003 Posts: 22,651	i'll just wait for end of the month update

01-18-2007, 04:54 AM	#16
cachondo Confirmed User Industry Role: Join Date: Sep 2004 Location: Valencia (Spain) Posts: 808	My blog site has hacked, shit!