One year ago, in the article “A New Powerful Virus Could Affect Millions of WordPress Blogs“, there was underlined the necessity of performing updates of WordPress sites, especially when critical security issues are fixed in the current software release. The latest version (2.8.2) of the popular blogging platform WordPress was just launched and is ready for free download. WordPress 2.8.2 patches an XSS security vulnerability: due to the fact that the author’s comment URLs were not fully sanitized in version 2.8.1, an attacker could used this security leak in order to redirect you from the administration area to another website.

The previous WordPress version (2.8.1) also has solved a series of security issues related to plugins administration pages. Due to the identified security leaks in the administration pages of certain plugins, an attacker could obtained access to private information published on those pages.

WordPress 2.8.2 does not have new features, therefore if you have not installed version 2.8.1 yet, here it is WordPress 2.8.1 changelog:

-Certain themes were calling get_categories() in such a way that it would fail in 2.8. 2.8.1 works around this so these themes won’t have to change.
-Dashboard memory usage is reduced. Some people were running out of memory when loading the dashboard, resulting in an incomplete page.
-The automatic upgrade no longer accidentally deletes files when cleaning up from a failed upgrade.
-A problem where the rich text editor wasn’t being loaded due to compression issues has been worked around.
-Extra security has been put in place to better protect you from plugins that do not do explicit permission checks.
-Translation of role names fixed.
-wp_page_menu() defaults to sorting by the user specified menu order rather than the page title.
-Upload error messages are now correctly reported.
-Autosave error experienced by some IE users is fixed.
-Styling glitch in the plugin editor fixed.
-SSH2 filesystem requirements updated.
-Switched back to curl as the default transport.
-Updated the translation library to avoid a problem with mbstring.func_overload.
-Stricter inline style sanitization.
-Stricter menu security.
-Disabled code highlighting due to browser incompatibilities.
-RTL layout fixes.

If you already have installed WordPress 2.8.1, the update to version 2.8.2 can be performed automatically from within your blog dashboard. WordPress 2.8.2 is also available for free download as standalone PHP / MySQL application.

Free Download WordPress 2.8.2

Related Articles

• Qcodo Development Framework: PHP Coding Made Easier (0)
• Basic Concepts Of Search Engine Marketing (0)
• WordPress 2.8.5 Has An Enhanced Security System (0)
• SPNbabble: A Microblogging Service For Webmasters (0)
• PixoPoint Automatically Creates Drop Down Menus In WordPress (1)
• New Features Of PHP 5.3.0 (0)

This entry was posted on Monday, July 20th, 2009 at 5:55 am and is filed under Content Management Systems, Web Security, WordPress News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.