WordPress 2.6.5 critical update – 1 Security problem and 3 bugs
| Tweet | Share |
Looks like there is a critical update to WordPress available right now !
According to the official blog –
The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.
2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests. For a list of changed files, consult the full changeset between 2.6.3 and 2.6.5.
With all the security issues echoing around, it’s wise to upgrade right away !
Upgrade to WordPress 2.6.5 now.
How do I know if I’m – IP-based virtual servers running on Apache 2.x. –
I don’t really know what the other stuff means either.
Hi Dennis,You can only find from your provider where you have hosted your blog. Virtual hosting is a method that servers such as webservers use to host more than one domain name on the same computer, sometimes on the same IP address.Regarding the other stuff I understand that these are the two files(feed.php and version.php) were there was security problems but now these files are updated and inlcuded along with the latest version 2.6.5. So you can just copy these two files from the 2.6.5 download and update your blog files.Sorry if that was too confusing
Wordpress 2.7 is something I am eagerly looking forward.CheersKrish
Dont wait to verify, just update in either case. ‘
Its always good to have a newer version.
Updating is easy, just replace these files alone, but before you overwrite these files, make sure that you keep a back up of the older ones.
Cheers
I’m sure you’re write about not waiting, but curious why you didn’t say to just do the full upgrade and be done?
if you have to do a full upgrade you have to replace all the files.
You will then be replacing the files with the same files, why sould you do that..? Just replace the files that have been modified. Its as simple as that…
Dennis, I think the security update by replacing the files is good enough. If you want a seamless easy full upgrade, try the Automatic Upgrade plugin.
Hi Mani,
Thanks for explaining it in detail. I have upgraded mine to 2.6.5
Mani, Thanks for the update.
I think the current version has an issue. When we edit our posts, the permalinks gets rest to the origional links.
I mean, I usually edit my permalink and make it short for the SEO factor, but one I edit the post, the permalink gets reset to the older one (the one issued by default)
Do you have this issue, mani..?
Im not aware of this as of yet. But thats something interesting. Keep a watch on it.
Sorry for the series of comments, but look at your reader count, Feedburner is showing 445, they did not fix that bug yet.
If you dont find the counter showing 445, I have a screenshot I will mail you that.
Cheers
I’m hosted with Hostgator, I just didn’t know what all the virtual stuff is.
Actually, I finally downloaded the auto-upgrade plugin and just did the while thing in one shot.
Thats the way to be. Now you dont need to worry of updates anymore. But make sure that you keep backups often. Else one boon- and you are where you started.
Cheers
Backups galore with the wp db backup plugin.