WordPress.org

Ready to get started?Download WordPress

WordPress 2.6.2

Posted September 8, 2008 by Ryan Boren. Filed under Releases, Security.

Stefan Esser recently warned developers of the dangers of SQL Column Truncation and the weakness of mt_rand().  With his help we worked around these problems and are now releasing WordPress 2.6.2.  If you allow open registration on your blog, you should definitely upgrade.  With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password.  The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit.  However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.  Stefan Esser will release details of the complete attack shortly.  The attack is difficult to accomplish,  but its mere possibility means we recommend upgrading to 2.6.2.

Other PHP apps are susceptible to this class of attack.  To protect all of your apps, grab the latest version of Suhosin.  If you’ve already updated Suhosin, your existing WordPress install is already protected from the full exploit.  You should still upgrade to 2.6.2 if you allow open user registration so as to prevent the possibility of passwords being randomized.

2.6.2 also contains a handful of bug fixes.  Check out the full changeset and list of changed files.

No Pings

RSS feed for comments on this post.

  1. [...] (: Neyse fazla uzatmayayım yatıcam birazdan. WordPress resmi sitesinde yapılan açıklamaya buradan ulaşabilirsiniz.Sabah uyanır uyanmaz hemen bloğumu güncelleyeceğim.Sizde geç kalmadan [...]

    Pingback from WordPress 2.6.2 Çıktı ! | mBlog on September 8, 2008

  2. [...] all the details, read the official WordPress 2.6.2 announcement or glance through the list of bugs fixed in 2.6.2 [...]

    Pingback from Upgrade to WordPress 2.6.2! | Perfect Blogger on September 8, 2008

  3. WordPress 2.6.2…

    Recién salida del horno, tenemos otra pequeña actualización para WordPress para corregir un bug detectado que permitía resetear la contraseña de otro usuario (aunque la nueva se le mandaba a su email) que, junto con una debilidad en la función pa……

    Trackback from Luna on September 8, 2008

  4. [...] 23:30 på måndagen postade jag ett inlägg om att WordPress version 2.6.2 hade släppts. Först fanns det ingen information om vad den nya versionen innehåller, men nu en timma senare så uppdaterades den officiella WordPress-bloggen. [...]

    Pingback from WordPress 2.6.2 och säkerhet | Sennbrink Konsult on September 8, 2008

  5. [...] check out the info about 2.6.2 here, or [...]

    Pingback from WordPress 2.6.2 Upgrade!! | The Frosty on September 8, 2008

  6. WordPress 2.6.2 veröffentlicht…

    WordPress 2.6.2 wurde veröffentlicht!
    Noch gibt es im Entwicklerblog kein Statement zu dem Release, aber auf WordPress.org und in der automatischen Updatebenachrichtigung wird die neue Version schon angezeigt. Informationen zu diesem Release werde…

    Trackback from WordPress Deutschland Blog on September 8, 2008

  7. [...] released a minor upgrade today for any blog running version 2.6. Although it’s not a huge deal, it is worth doing if your [...]

    Pingback from Astroengine is Now Bulletproof: Upgrade to WordPress 2.6.2 | astroengine.com on September 8, 2008

  8. [...] WordPress 2.6.2 标签: WordPress, 更新 作者: motta | 分类: WordPress 添加回复 本文链接: [...]

    Pingback from 更新: WordPress 2.6.2 | motta's here on September 8, 2008

  9. WordPress 2.6.2…

    Rein zufällig darf ich heute quasi live ein neues WordPress Release miterleben. Über das WordPress Admin Interface kommt seit einigen Minuten die Nachricht über ein verfügbare Update auf Version 2.6.2 herein.
    Noch fehlen entsprechende Einträge im……

    Trackback from CoreBlog on September 8, 2008

  10. [...] Here’s why WP asks you to upgrade. To quote: Stefan Esser recently warned developers of the dangers of SQL Column Truncation and the weakness of mt_rand(). With his help we worked around these problems and are now releasing WordPress 2.6.2. If you allow open registration on your blog, you should definitely upgrade. With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password. Stefan Esser will release details of the complete attack shortly. The attack is difficult to accomplish, but its mere possibility means we recommend upgrading to 2.6.2. Read more here. [...]

    Pingback from WordPress 2.6.2 released today | Travel Light on September 8, 2008

  11. [...] WordPress’s blog post about this upgrade [...]

    Pingback from Upgraded to 2.6.2 :: john010117.com on September 8, 2008

  12. [...] eine neue Bugfix-Version der bekannten Blogsoftware veröffenlicht. Dieses mal wurde auch eine Sicherheitslücke geschlossen, die es bei offener Userregistrierung erlaubt hätte, sich einen neuen Benutzer zu [...]

    Pingback from Dampfmaschine » Blog Archive » WordPress 2.6.2 veröffentlicht on September 8, 2008

  13. [...] i dettagli per ora potete leggere sul post in inglese, a breve verrà rilasciato il pacchetto italiano ed un post [...]

    Pingback from E’ disponibile WordPress 2.6.2 » Archivi Blog » WordPress Italy on September 8, 2008

  14. [...] de leer en las notas de esta nueva versión que urge actualizar si tenéis abierto el registro de usuarios en el blog, hay un bug para la [...]

    Pingback from DaboBlog - Cibercultura | Seguridad | GNU/Linux | Redes | Mac OS X | CMS| Opinión | Por David Hernández (Dabo) on September 8, 2008

  15. [...] info e changelog del [...]

    Pingback from Aggiornamento di sicurezza per WordPress | Andrea 'Bau' Pinti on September 8, 2008

  16. [...] problems affecting users that allowed open registration.  You can read the full details in the release post or go directly to the download [...]

    Pingback from Mandatory Update: WordPress 2.6.2 | Blog Tipz on September 8, 2008

  17. [...] was just announced on the WordPress development blog that 2.6.2 has been released. If you allow user registration, it’s highly recommended you upgrade [...]

    Pingback from WordPress 2.6.2 Released | Theme Lab on September 8, 2008

  18. [...] Artigo oficial [...]

    Pingback from WordPress 2.6.2 | Eurico Leite on September 8, 2008

  19. [...] Tutti i dettagli su WordPress Blog [...]

    Pingback from Vocescuola - WordPress 2.6.2 on September 8, 2008

  20. [...] enteramos via Daboblog de la nueva version de WordPress 2.6.2 disponible con caracter de seguridad debido a problemas de seguridad que afectan a aquellas [...]

    Pingback from WordPress 2.6.2 Security Update | Tracker IslaServer on September 8, 2008

  21. [...] registrations on your blog. See the WordPress Dev Blog for details, but in short the new update fixes the SQL Column Truncation vulnerability and the [...]

    Pingback from Place of Stuff » Blog Archive » WordPress 2.6.2 on September 8, 2008

  22. [...] the WordPress.org security [...]

    Pingback from WordPress 2.6.2 Update - Business Blogging for Corporate Blogs on September 8, 2008

  23. [...] WordPress 中文站的最新消息: WordPress 开发者刚刚发布了 WordPress 2.6.2 版本,这是 WordPress 2.6 系列的第二个修正版本。根据此版本,我们 WordPress [...]

    Pingback from WordPress 2.6.2 中文版发布 - 总而言之,统而言之 on September 8, 2008

  24. [...] przed chwilą pojawiła się informacja o wypuszczeniu WordPressa 2.6.2. Jest to poprawka bezpieczeństwa: With open registration enabled, [...]

    Pingback from WordPress 2.6.2 - Tomasz Topa on September 8, 2008

  25. [...] à jour de sécurité de WordPress 2.6.2 : The randomly generated password is not disclosed to the attacker, so this problem by itself is [...]

    Pingback from Mise à jour de sécurité WordPress 2.6.2 | Site Creation on September 8, 2008

  26. [...] WP 2.62 is out. It addresses a possible security hole if you have open registration enabled. Upgrade if you need to. Posted by jbm Filed in blog, wordpress [...]

    Pingback from blog.mignault.net » Blog Archive » ObUpgPost on September 9, 2008

  27. [...] WordPress › Blog » WordPress 2.6.2 なにやら危険な不具合があるようで、2.6.2 にアップグレドすることを進めているようです。 Suhosin ってのに微弱なとこがあるのかな? [...]

    Pingback from WordPress 2.6.2 リリース | orioa on September 9, 2008

  28. [...] un mois après le lancement de sa version 2.6.1 il est à nouveau temps de procéder à la mise à jour de votre moteur de Blogs favori, je parle de WordPress bien entendu. Vous pouvez téléchargez dès [...]

    Pingback from WORDPRESS 2.6.2 : Téléchargez WordPress 2.6.2 !!! | Blog Geek et High-Tech Nowhere Else on September 9, 2008

  29. [...] na área de download a nova versão do WordPress (2.6.2). Já tem tempo que não abordo este tema aqui no bernabauer.com, até mesmo por que boa parte dos [...]

    Pingback from WordPress 2.6.2 e PHP em risco! | bernabauer.com on September 9, 2008

  30. [...] con la catalogación de “Actualización de seguridad”, concrétamente la 2.6.2 que corrige un fallo de seguridad en las versiones 2.6.1 y anteriores que hace posible bajo un ataque nada sencillo de efectuar, [...]

    Pingback from WordPress 2.6.2, actualización urgente con registro de usuarios abierto « Cajón desastres on September 9, 2008

  31. [...] to a rather obscure but potentially harmful exploit, WordPress is advising all users to upgrade to version 2.6.2.  Along with the security patch, the update includes a few bug [...]

    Pingback from WordPress 2.6.2 released | MickMel SEO on September 9, 2008

  32. [...] with a few bug fixes (see full list). For more information on WordPress version 2.6.2, read the official WordPress version 2.6.2 documentation. Download the latest versions of WordPress: WordPress [...]

    Pingback from WordPress 2.6.2 is Released | Sandbox Development and Consulting Inc. on September 9, 2008

  33. [...] we have to upgrade. But where is my  [...]

    Pingback from WordPress 2.6.2 at Sean Yeomans Consulting on September 9, 2008

  34. [...] more information and to download this release, check out theWordPress Blog Share and [...]

    Pingback from WordPress 2.6.2 Released | MyPCTools.net on September 9, 2008

  35. [...] reminder that WordPress 2.6.2 has just been released. You can read the official announcement here.  If anyone hasn’t had a chance to check out the WordPress Automatic Upgrade plugin, I [...]

    Pingback from WordPress 2.6.2 | Where is Waldo on September 9, 2008

  36. [...] 这里是官方的说明,好像是解决了一个用户登录注册时候的问题,需要更新的朋友赶紧下载更新。 [...]

    Pingback from wordpress 2.6.2出来了? | 创意纪 on September 9, 2008

  37. [...] WordPress 2.6.2のアップグレードリリースはこちらからどうぞ。 [...]

    Pingback from WordPress 2.6.2がリリースされました。 | トラフィック・マーケティング秘密情報局ウェブ・スパイ - webspy.jp on September 9, 2008

  38. wordpress2.6.2发布…

    这个wordpress更新得也太频繁了吧,已经跟不上他的脚步了。按照官方的说法,如果你的blog开放了用户注册,请记得一定要更新到这个最新的2.6.2版本。原文部分如下:
    If you allow open registration o……

    Trackback from 生活点滴Enjoy Life on September 9, 2008

  39. [...] new wordpress 2.6.2 has been released. If you allow user registration, it’s highly recommended you upgrade [...]

    Pingback from WordPress 2.6.2 on September 9, 2008

  40. [...] You can view the entire post from the WordPress development team at the WordPress development blog (appropriately enough) by pointing your web browser to http://wordpress.org/development/2008/09/wordpress-262/ [...]

    Pingback from JungleJar » WordPress 2.6.2 on September 9, 2008

  41. [...] 2.6.2 Out.→ [...]

    Pingback from 2.6.2 Out. :: WPLover on September 9, 2008

  42. [...] viendo que tal estaban las visitas en el blog, cuando voy leyendo que ya esta la nueva version de WordPress 2.6.2. Al parecer descubrieron otro bug y pues lanzaron esta actualizacion de [...]

    Pingback from Listo para descargar WordPress 2.6.2 | Five Horizons on September 9, 2008

  43. [...] 2.6.2 has been released for download.  This is an important security update for any WordPress sites that allow open [...]

    Pingback from WordPress 2.6.2 released - Crane Factory on September 9, 2008

  44. [...] WordPress 2.6.2 has been released. Stefan Esser recently warned developers of the dangers of SQL Column Truncation and the weakness of mt_rand(). With his help we worked around these problems and are now releasing WordPress 2.6.2. If you allow open registration on your blog, you should definitely upgrade. With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password. Stefan Esser will release details of the complete attack shortly. The attack is difficult to accomplish, but its mere possibility means we recommend upgrading to 2.6.2. [...]

    Pingback from Blog » WordPress 2.6.2 | lesterchan.net/wordpress on September 9, 2008

  45. [...] the fudge? WordPress 2.6.2 available? Maybe I should leave this update until the morning, I’m too drunk to [...]

    Pingback from Scribbler’s Laid A Big Juicy Log | Holy cow! WordPress 2.6.2 on September 9, 2008

  46. [...] Más información aquí: Blog de  WordPress [...]

    Pingback from » Actualizado a WP 2.6.2 para corregir un fallo de seguridad Mi Blog: SEO, Actualidad, PEB, Personales y Articulos de Interes General on September 9, 2008

  47. [...] Attention bloggers if you have manually installed WordPress then you should immediately upgrade to 2.6.2. There are security issues in 2.6.1 which are now fixed in 2.6.2. [...]

    Pingback from Update WordPress 2.6.2 Immediately | BlueFur.com on September 9, 2008

  48. [...] WordPress 2.6.2 was released. 2.6.2 includes security and bug fixes and it is recommended that everyone update immediately [...]

    Pingback from WordPress 2.6.2 « Matt's Blog on September 9, 2008

  49. [...] team has released a new update to the 2.6 branch which addresses issues when your blog has public registrations open. If you allow [...]

    Pingback from WordPress 2.6.2 Released, Mandatory Update on September 9, 2008

  50. [...] checking up things today… hey, WordPress version 2.6.2 has been released. So okay, this site is updated, particularly since it fixes some security issue [...]

    Pingback from Zit Seng’s Superwall » Blog Archive » Moving To New Data Centre on September 9, 2008

  51. [...] Und weiter geht es mit dem nervigen Updates von WordPress, denn mittlerweile wurde WordPress in der Version 2.6 veröffentlicht. [...]

    Pingback from Gruening.me » WordPress 2.6.2 ist verfügbar on September 9, 2008

  52. [...] 改版說明:http://wordpress.org/development/2008/09/wordpress-262/ [...]

    Pingback from WordPress 2.6.2 發佈「修正資料庫」! | 夢想的地平線 on September 9, 2008

  53. [...] 开发者刚刚发布了 WordPress 2.6.2 版本,这是 WordPress 2.6 系列的第二个修正版本。根据此版本,我们制作了相应的 [...]

    Pingback from WordPress 2.6.2 中文版发布 | 静水深流 on September 9, 2008

  54. [...] Leer comunicado oficial del lanzamiento [...]

    Pingback from janckos.net » Blog Archive » WordPress 2.6.2, Sistema Administrador de Contenidos on September 9, 2008

  55. [...] 开发者刚刚发布了 WordPress 2.6.2 版本,这是 WordPress 2.6 系列的第二个修正版本。根据此版本,WordPress [...]

    Pingback from WordPress 2.6.2 中文版发布 | 贝壳小屋 on September 9, 2008

  56. [...]     官方下载页面点击这里。         根据WordPress官网的描述。这次升级主要是针对那些开放注册的Blog,原有的生成随机密码的方法可能会被黑客攻击。建议开放使用WordPress并开放注册的网站马上升级。而没有开放注册的的网站可以不用升级。         官方对WordPress2.62升级具体内容的英文原版描述点击这里查看。 [...]

    Pingback from WordPress2.6.2发布 - 挨踢八卦 - 以八卦的眼光旁观IT世界,用八卦的方式评论IT事件 on September 9, 2008

  57. [...] a rezolva problema cu generarea parolelor. Puteti afla mai multe despre noua versiune wordpress aici, lista cu bug-urile rezolvate o gasiti aici. De asemenea, daca sunteti curiosi puteti arunca o [...]

    Pingback from Noua versiune wordpress: 2.6.2 | Blogu' lu' Dany on September 9, 2008

  58. [...] keep an eye on the WordPress Development Blog to get any new information on this latest release which is expected to be basically a security and [...]

    Pingback from WordPress 2.6.2 released | Einchi on September 9, 2008

  59. WordPress 2.6.2リリース…

    WordPress › Blog » WordPress 2.6.2
    WordPress 2.6.2がリリースされた。今回のリリースは、ユーザー登録を自由にさせている場合には至急アップグレードが必要とのことだ。WordPress 2.6.2のダ……

    Trackback from WordPressで企業ウェブサイト作成・商用ホームページ制作 WordPress Go Go on September 9, 2008

  60. [...] Source: WordPress [...]

    Pingback from WordPress 2.6.2 | WING LOON on September 9, 2008

  61. [...] no realizará ninguna modificación a la base de datos, ya que serán simplemente a los archivos. [Enlace] [...]

    Pingback from WordPress 2.6.2 | Power on September 9, 2008

  62. [...] 开发者刚刚发布了 WordPress 2.6.2 版本,这是 WordPress 2.6 系列的第二个修正版本。根据此版本,我们制作了相应的 [...]

    Pingback from This season » Blog Archive » WordPress 2.6.2 中文版发布 on September 9, 2008

  63. [...] Informationen zum Release [...]

    Pingback from WordPress 2.6.2 | sephice.net on September 9, 2008

  64. [...] в версии WordPress 2.6.1, а закончил в 2.6.2, т.е. пока я писал WordPress обновили до версии 2.6.2, и я благополучно обновился до этой версии. Поделиться [...]

    Pingback from WordPress, плагины и напильник - как работает этот блог | Блог Дениса "Mr.Snow" Кожухова on September 9, 2008

  65. [...] 提示 WordPress 2.6.2 发布了。简单看了下更新摘要,中午回来就着手升级了。这次更新共修改了 [...]

    Pingback from 西门口的馒头 » Blog Archive » WordPress 2.6.2 发布了 on September 9, 2008

  66. [...] پیش نسخه ۲/۶/۲ وردپرس منتشر شد. این نسخه از نظر قابلیت های فنی فرقی با نسخه ۲/۶ نداره و [...]

    Pingback from وردپرس فارسی » انتشار نسخه 2.6.2 وردپرس on September 9, 2008

  67. [...] WordPress 2.6.2.: This release is in response to a recent warning to developers from Stefan Esser about the dangers of SQL Column Truncation and weaknesses of mt_rand(). The issue at hand that forced the release is discussed in detail on the WordPress.org blog post linked above. Basically the attack is complex, is dependent on open registration being turned on in your blog, but can be executed in theory and turns out to be more of an annoyance than an actual exploit. [...]

    Pingback from WordPress 2.6.2 Released | WordPress Blog NL on September 9, 2008

  68. [...] under: Blogging, Refresh TuesdaySep 9,2008 WordPress 2.6.2: Yes, here we go again! Katanya sih tidak harus segera upgrade, hanya ada sedikit perbaikan bug. [...]

    Pingback from WordPress 2.6.2 » Benny Chandra dot com on September 9, 2008

  69. [...] ได้ออกเวอร์ชั่น 2.6.2 เมื่อวันที่ 8 กันยายน 2551 [...]

    Pingback from WordPress 2.6.2 Update อีกแล้วนะครับ | Phet.in.th Google AdSense & SEO Commercial Make Money Online Blog on September 9, 2008

  70. [...] considering submitting long queries and untrimmed inserts into the MySQL DB. A new version of WordPress (2.6.2) was released just to fix this, so you should check your apps [...]

    Pingback from href » SQL Column Truncation on September 9, 2008

  71. [...] wederom is er een update uitgebracht van WordPress. Ditmaal zijn een aantal kleinere bugs en een mogelijke exploit [...]

    Pingback from WordPress 2.6.2 » Zomaar… on September 9, 2008

  72. [...] Read the whole article on WordPress official website. [...]

    Pingback from iGraphiX Blog | WordPress 2.6.2 on September 9, 2008

  73. [...] Μπορείτε να διαβάσετε την ανακοίνωση εδώ. [...]

    Pingback from WordPress 2.6.2 « Λινουξολόγος||Ουμπουντολόγος :) on September 9, 2008

  74. [...] WordPress 2.6.2 has been released.  It addresses a couple of issues related to SQL Column Truncation and the mt_rand() function, along with some bug fixes.  Using subversion, the upgrade consisted of switching to the root directory of my WordPress installation and entering the following command: [...]

    Pingback from gordon.dewis.ca | WordPress 2.6.2 on September 9, 2008

  75. [...] WordPress 2.6.2发布。 此版本修正了mt_rand()太弱导致的随机数不够随机的安全漏洞,如果你的wordpress开放了注册,官方推荐是尽快更新到该版本。此外,还修正了一些其他错漏。 [...]

    Pingback from WordPress 2.6.2 | 冰古blog on September 9, 2008

  76. [...] WordPress 2.6.2发布。 此版本修正了mt_rand()太弱导致的随机数不够随机的安全漏洞,如果你的wordpress开放了注册,官方推荐是尽快更新到该版本。此外,还修正了一些其他错漏。 [...]

    Pingback from WordPress 2.6.2 | 冰古blog on September 9, 2008

  77. [...] Aggiornamento di sicurezza per WordPress 2.6.x: se il vostro blog è già aggiornato alla versione 2.6.1, potete scaricare e installare il pacchetto con i soli file modificati (lo trovate in fondo a questa pagina oppure qui). Buon aggiornamento Tag Technorati: wordpress 2.6.2 Letture consigliatePer ingannare il tempo in attesa del ritorno di Cthulhu potresti leggere anche:Wordpress 2.6.1Aggiornamento WordPress 2.3.3WordPress 2.2.2 e 2.0.11Wordpress: tag Technorati e blog reactions Scritto da pseudotecnico Archiviato in wordpress [...]

    Pingback from pseudotecnico:blog » WordPress 2.6.2 on September 9, 2008

  78. [...] 2.6.2 Released, Mandatory Update WordPress team has released a new update to the 2.6 branch which addresses issues when your blog has public registrations [...]

    Pingback from WordPress 2.6.2 Released, Mandatory Update « Techno 365 on September 9, 2008

  79. [...] [via] [...]

    Pingback from WordPress 2.6.2 - Sicherheitsrelease » Frank Helmschrott on September 9, 2008

  80. [...] WordPress 2.6.2 SQL Truncation [...]

    Pingback from 兔耳八克斯 on September 9, 2008

  81. [...] for WordPress users! The next release of WordPress 2.6.2 is now available and released for your installation or upgrade. According to Ryan in his blog, a [...]

    Pingback from WordPress 2.6.2 Is Now Out! » SoftSift on September 9, 2008

  82. [...] time flys!Aften half a month ago, the WordPress2.6.2 was released, With Stefan Esser’s help, warned developers of the dangers of SQL Column [...]

    Pingback from WordPress 2.6.2 Released&Update your wp-blog | Web About Money on September 9, 2008

  83. [...] time flys!Aften half a month ago, the WordPress2.6.2 was released, With Stefan Esser’s help, warned developers of the dangers of SQL Column [...]

    Pingback from WordPress 2.6.2 Released&Update your wp-blog | Web About Money on September 9, 2008

  84. [...] Scheinbar ist es wieder hauptsächlich eine Sicherheitslücke, die das neue Release verursachte. Bei Blogs, die eine Registrierung zulassen wird damit eine SQL Column Truncation [...]

    Pingback from StoiBär » Blog Archiv » WordPress 2.6.2 ist da on September 9, 2008

  85. WordPress 2.6.2…

    Stefan Esser recently warned developers of the dangers of SQL Column Truncation and the weakness of mt_rand(). With his help we worked around these problems and are now releasing WordPress 2.6.2. If you allow open registration on your blog, you shoul…

    Trackback from Leonaut.com on September 9, 2008

  86. [...] Chaud, allez prendre votre copie de WordPress, un petit patch de sécurité est [...]

    Pingback from JaXX.org » WordPress 2.6.2 on September 9, 2008

  87. [...] fost lansat WordPress 2.6.2; actualizează-ţi blogul că faci [...]

    Pingback from WordPress 2.6.2 : Gupi on September 9, 2008

  88. [...] minden sokkal jobb, tisztább, szárazabb érzés. Biztos. Kattintás ellenében elolvasható az új verzion apróságai, bugfix lista és egy szépséges [...]

    Pingback from WP 2.6.2 upgrade at pappito.com on September 9, 2008

  89. [...] a WordPress 2.6.2-es változata, és a blogokat frissítettük is erre az új verzióra, továbbá [...]

    Pingback from WordPress 2.6.2 és bővítmény frissítések [WPress.hu] on September 9, 2008

  90. [...] reported by the WordPress folks themselves, they’ve released version 2.6.2 of their product, which provides a series of security and bug [...]

    Pingback from WordPress 2.6.2 Now Available on September 9, 2008

  91. [...] publicado WordPress 2.6.2. Artículos [...]

    Pingback from WordPress 2.6.2 on September 9, 2008

  92. [...] Kami telah melakukan upgrade engine wordpress dari versi 2.6.1 menjadi wordpress versi 2.6.2, dalam versi ini, beberapa perbaikan telah dilakukan pihak wordpress untuk lengkapnya silakan kunjungin situs resminya wordpres. [...]

    Pingback from Upgrade ke WordPress 2.6.2 | #puisi.org on September 9, 2008

  93. [...] aber auch einige Bugfixes fanden ihren Weg in die neue Version. Die offzielle Meldung ist hier zu finden. Abgelegt unter: Blog, Tagesgeschehen, Webseite Autor: [...]

    Pingback from Blog: Update auf WordPress 2.6.2 | sven’s weblog on September 9, 2008

  94. [...] Ryan has announced the release of WordPress 2.6.2, a security related point release of the popular blog server [...]

    Pingback from WordPress 2.6.2 Released - PHP Exploit Negated on September 9, 2008

  95. [...] Κυκλοφόρησε χθες από το WordPress μια νέα διανομή, η 2.6.2 η οποία λύνει κάποια προβλήματα σχετικά με την ασφάλεια της εφαρμογής μετά από επισήμανση developer για επίθεση που δέχτηκε blog του και το εντοπισμό ενός κενού ασφαλείας απ’όπου φαίνεται πως πραγματοποιήθηκε αυτή. Δεν θα έλεγα πως πρόκειται για σοβαρό ζήτημα η άμεση αναβάθμιση από την 2.6.1 αλλά μπορείτε να την προγραμματίσετε στο εγγύς μέλλον. [...]

    Pingback from Νεα αναβαθμιση, WordPress 2.6.2 | zero.gr on September 9, 2008

  96. [...] Alweer een nieuwe release mensen. En ook deze keer is het in feite een bug-fix release en niet zozeer een nieuwe features release. Upgraden en wel zo snel mogelijk dus. « MSI Wind + Apple Mac OS X = ? [...]

    Pingback from Unexpected » Blog Archive » WordPress 2.6.2 on September 9, 2008

  97. [...] ausserdem wurde ein Exploit behoben (http://wordpress.org/development/2008/09/wordpress-262/) wenn man sich am Blog registrieren kann (was man hier nicht [...]

    Pingback from cosmofreak’s Blog » WordPress Update 2.6.2 on September 9, 2008

  98. [...] Artikel berhubungan: http://weblogtoolscollection.com/archives/2008/09/09/wordpress-262-released/ http://wordpress.org/development/2008/09/wordpress-262/ [...]

    Pingback from Upgrade Freak! WordPress 2.6.2 | id.JPMStyle.com on September 9, 2008

  99. [...] me despierto con una actualización de [...]

    Pingback from Actualización WordPress 2.6.2 | sometimes_i_dream_about_reality on September 9, 2008

  100. [...] Mittlerweile wurde das offizielle Statement zu diesem Release im Entwicklerblog veröffentlicht. Version 2.6.2 behebt ein Problem, von dem in [...]

    Pingback from // TBDTTT » WordPress 2.6.2 on September 9, 2008

  101. [...] nach der Veröffentlichung, meldeten sich dann auch die Entwickler zu Wort und gaben in einem Blogpost, die wichtigsten Veränderungen [...]

    Pingback from WordPress 2.6.2 rausgeschossen - Was steckt drin und für wen ist das Update Pflicht? | Blogmillionär on September 9, 2008

  102. [...] er tale om en mindre opdatering, som kun er relevant, hvis du tillader brugere at registrere sig på bloggen. Du kan downloade den [...]

    Pingback from WordPress version 2.6.2 er klar » Søgemaskineoptimering af WordPress Blogs on September 9, 2008

  103. [...] dem letzten nicht sicherheitsrelevanten Update, wird das Update 2.6.2 dieses mal allen mit offener Registrierung dringenst empfohlen. Bei den Versionen 2.6.1 und älter [...]

    Pingback from WordPress: 2.6.2 (Sicherheitsrelevant) » Plugin, Update, WordPress » splash ;) on September 9, 2008

  104. [...] bekommt dieses Passwort nicht. Betroffen sind somit vor allem Blogs, mit aktivier Registrierung. Hier geht es zu den englischen News/Download auf WordPress.org, an der deutschen Version wird bereits [...]

    Pingback from WordPress 2.6.2 ist da! - GreenSmilies on September 9, 2008

  105. [...] oficial | WordPress.org Descarga | WordPress.org. Vía | WordPress.org Blog. trackback ¿Recomendarías este post? Más noticias sobre: Web, Herramientas, [...]

    Pingback from WordPress 2.6.2 disponible para descargar on September 9, 2008

  106. [...] WordPress 2.6.2 がリリースされました。ちょっと前に 2.6.2 ベータ1 が出てて、試さないとと思っていたんですが、時間が取れないまま正式版になってしまいました。2.6.1 で改善された「日本語タグの重複問題」ですが、ときどき重複が発生することがあったので、バグレポートしようかと思っていたのにーー。2.6.2 で発生するならば今度こそバグレポートですね。 [...]

    Pingback from Yuriko.Net » WordPress 2.6.2 リリース on September 9, 2008

  107. [...] ha annunciato una nuova release della sua celebre piattaforma di Blogging con un importante incremento sulla sicurezza per chi usa la Open Registration degli utenti. Immagine di WordPress tratta da [...]

    Pingback from Nuova versione di WordPress: 2.6.2 con un Fix di sicurezza utile per chi consente commenti senza registrazione | Buzzes about e commerce, e marketing, social shopping. on September 9, 2008

  108. [...] 2.6.2 has been released by WordPress development team. It’s a mandatory update if you’re allowing user registration in [...]

    Pingback from Hot WordPress Tips » Blog Archive » WordPress 2.6.2 is available on September 9, 2008

  109. [...] mañana me ha llamado la atención ver que la versión 2.6.2 de WordPress había salido a la luz. Al parecer se había detectado un problema con la base de datos y algunas mejoras más. [...]

    Pingback from WordPress 2.6.2, corrección de seguridad | aNieto2K on September 9, 2008

  110. [...] WordPress › Blog [...]

    Pingback from dies & das · WordPress 2.6.2 released on September 9, 2008

  111. [...] dettagli per il momento li potete leggere tutti sul post (originale in inglese), tra pochissimo verrà anche rilasciato il pacchetto italiano. Share and Enjoy: Queste icone [...]

    Pingback from WordPress 2.6.2 disponibile da oggi! | MarcoSiviero.Com | Tutto Gratis on September 9, 2008

  112. [...] в не-критичния, но досаден проблем в сигурността. Според Уърдпрес блога: в предишните версии, ако регистрациите са разрешени, [...]

    Pingback from Assenoff » Blog Archive » WordPress новинки on September 9, 2008

  113. [...] Meldung auf WordPress.org. Betrifft diejenigen, die – WordPress 2.6.1 nutzen – und eine freie Registrierung von Usern [...]

    Pingback from Basic Thinking Blog | Sicherheitsupdate für WordPress on September 9, 2008

  114. [...] installed the latest security update for WordPress: http://wordpress.org/development/2008/09/wordpress-262/ [...]

    Pingback from » Just installed the latest security updat … Westlands.Org on September 9, 2008

  115. [...] fixes an exploit thats mainly important for blogs with open registration enabled.They say It is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow [...]

    Pingback from Download Portable Version Of Chrome Browser : Google,Portable Softwares : Tech Yard | TECH YARD on September 9, 2008

  116. [...] people over at my favourite blogging platform released a WordPress Update last night to fix a few PHP exploit weaknesses. Not a big upgrade, but pretty important if you have [...]

    Pingback from WordPress 2.6.2 | Air Mass Zero on September 9, 2008

  117. [...] version 2.6.2 has just been released. According to WordPress, version 2.6.2 protects WordPress from a certain kind of hack that will reset your password and [...]

    Pingback from Drett.com - Monetize Now — WordPress 2.6.2 Has Just Been Released on September 9, 2008

  118. [...] | WordPress Compártelo No se encuentran entradas [...]

    Pingback from Actualizar wordpress 2.6.2 | Blog Social on September 9, 2008

  119. [...] Update ist auf den englischsprachigen Seiten (Release-Blog-Eintrag)schon erschienen, die Version von WordPress-Deutschland wird sicher auch bald erscheinen. Derweil [...]

    Pingback from WordPress 2.6.2 ist erschienen - Kritisches Update im Leben des wolf-u.li on September 9, 2008

  120. [...] Per saperne di più potete leggere questa pagina in inglese. [...]

    Pingback from » WordPress 2.6.2 aggiornamento di sicurezza » Blogg ‘R on September 9, 2008

  121. [...] 官方對這次更新的說法: http://wordpress.org/development/2008/09/wordpress-262/ [...]

    Pingback from 剛從WordPress2.6.1,升級到WordPress2.6.2 | 六尾さそりの東役 on September 9, 2008

  122. [...] betreffen. Eine “handvoll” Bugfixes gibt es noch obendrein. Mehr dazu im Developer-Blog und bei [...]

    Pingback from Webrocker » Schon wieder eine neue WordPress Version: 2.6.2 on September 9, 2008

  123. [...] Betroffen sind vor allem Blogsysteme bei denen man die Option einer offenen Anmeldung hat. Das Update 2.6.2 schließt diese Lücke und bereinigt noch einige kleinere Bugs. Hier die ReleaseNotes. [...]

    Pingback from LightFactory Blog » Archiv » WordPress 2.6.2 on September 9, 2008

  124. [...] Source: WordPress Blog [...]

    Pingback from WordPress 2.6.2 Update Is Out | VikingBlogger.com on September 9, 2008

  125. [...] Meldung auf WordPress.org [...]

    Pingback from WordPress 2.6.2 erschienen « Commit-Suicide Weblog on September 9, 2008

  126. [...] Mein schönes Eullennest … :-( WordPress hat sich übrigens auch zum Thema geäußert -> Zum Artikel [...]

    Pingback from WordPress - Passwort zurücksetzen | EullenNest on September 9, 2008

  127. [...] corretti anche una serie di bachi, per chi volesse approfondire il problema di sicurezza si veda l’articolo di release di Ryan Boren, mentre ecco l’elenco dei bachi corretti e l’elenco completo delle modifiche e dei file [...]

    Pingback from WordPress 2.6.2 in italiano » Archivi Blog » WordPress Italy on September 9, 2008

  128. [...] 2.6.2 – Important Security Fix Well What do you know, there is another release of WordPress. And a crucial one that should upgrade to as soon as possible. I have already upgraded my site, and [...]

    Pingback from WordPress 2.6.2 - Important Security Fix on September 9, 2008

  129. [...] dazu auch: WordPress 2.6.2, Ankündigung auf [...]

    Pingback from Angreifer können Passwörter von WordPress-Nutzern zurücksetzen « Computerhilfe u. Info Blog on September 9, 2008

  130. [...] equipo de WordPress asegura que este problema es difícil de explotar, pero al final de cuentas es posible y es [...]

    Pingback from Publicado WordPress 2.6.2 | el tecnicida on September 9, 2008

  131. [...] der Funktion “mt_rand()” aufmerksam gemacht. In Blogs mit offener Registrierung können Angreifer laut WordPress einen Benutzernamen so wählen, dass dadurch das Passwort eines anderen Users zurückgesetzt und [...]

    Pingback from Sicherheitsupdate für WordPress 2.6 erschienen - News | ZDNet.de Security - Sicherheit on September 9, 2008

  132. [...] corretti anche una serie di bachi, per chi volesse approfondire il problema di sicurezza si veda l’articolo di release di Ryan Boren, mentre ecco l’elenco dei bachi corretti e l’elenco completo delle modifiche e dei file [...]

    Pingback from WordPress 2.6.2 in italiano on September 9, 2008

  133. [...] WordPress 2.6.2 is now available. “You must update now”. The WP 2.6.2 version contains a handful of bug fixes. If you allow open registration on your blog, you should definitely upgrade. With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. More. [...]

    Pingback from A Dialogue With K » WordPress 2.6.2 on September 9, 2008

  134. [...] Beheben einer (schweren) Sicherheitslücke, wie man im Linux-Magazin lesen kann. Auch ist jetzt auf dem Developer-Blog ein Beitrag hierzu zu [...]

    Pingback from Blog von Kim (Mupfel) Huebel » Blog Archiv » WordPress-Update aus Sicherheitsgründen on September 9, 2008

  135. [...] 以下は、2008 年 9 月 8 日に書かれた WordPress.org 公式ブログの記事、「WordPress 2.6.2」を訳したものです(日本語版のリリースはしばらくお待ちください)。以下のリンク先はすべて英語のページとなっています。 ステファン・エッサー氏は最近、SQL カラムのトランケーション(切り捨て)および mt_rand() の弱点について開発者に注意を促しました。彼の助力のもとにこの問題を解決しましたので、WordPress 2.6.2 をリリースします。誰でもユーザー登録ができるブログをお持ちの場合、必ずアップグレードを行って下さい。 [...]

    Pingback from WordPress | 日本語 » WordPress 2.6.2 on September 9, 2008

  136. [...] another version of WordPress is out. The official development blog just announced that WordPress 2.6.2 is out, which aims to fix an exploit of the open user registration [...]

    Pingback from WordPress 2.6.2 Is Out: Care If You Have Open User Registration on September 9, 2008

  137. [...] team at WordPress.com have released a new version of WordPress, 2.6.2. This update plug’s two vulnerability that when used together can give crackers access to the [...]

    Pingback from Tim’s technology & design blog » Blog Archive » WordPress 2.6.2 on September 9, 2008

  138. [...] 2.6.2 di WordPress, sia nella versione inglese che in quella italiana. Maggiori dettagli nel post con l’annuncio del rilascio, qui il relativo annuncio su WordPress [...]

    Pingback from lucatogni.ch › Archivio › Rilasciato WordPress 2.6.2, anche in italiano on September 9, 2008

  139. WordPress 2.6.2…

    A hétvégén olvastam az egyik internetes biztonággal foglalkozó oldalon, hogy Stefan Esser ismét villant, és felhívta a WordPress fejlesztők figyelmét a PHP mt_rand() függvényével kapcsolatos gyengeségre.
    A megfelelő információk és a f……

    Trackback from WordPress Magyarország on September 9, 2008

  140. [...] saiu o WordPress 2.6.2, mais uma atualização do nosso querido sistema de blog. Como toda atualização [...]

    Pingback from WordPress 2.6.2 | pBlog on September 9, 2008

  141. [...] WordPress // [...]

    Pingback from The Inquirer ES : WordPress 2.6.2, listo para descarga on September 9, 2008

  142. [...] de salir al público una nueva versión de WordPress, la versión 2.1.2, esta corrige un problema de seguridad de [...]

    Pingback from WordPress 2.1.2 soluciona la seguridad de mt_rand() =A= Aeromental on September 9, 2008

  143. [...] Деталі читайта на блозі розробників. [...]

    Pingback from WordPress 2.6.2 офіційний реліз - Watcher on September 9, 2008

  144. [...] Infos: WordPress 2.6.2 [...]

    Pingback from WordPress 2.6.2 - Sicherheitsupdate » Pixeldrama » Webdesign Berlin on September 9, 2008

  145. [...] Entwickler von WordPress haben am gestrigen Montag Version 2.6.2 veröffentlicht, die eine Sicherheitslücke [...]

    Pingback from ADIT Systems-Blog » Blog Archive » Sicherheitsupdate für WordPress on September 9, 2008

  146. [...] http://wordpress.org/development/2008/09/wordpress-262/ [...]

    Pingback from Hax me - not. (WordPress updated) | To rant about pseudo security on September 9, 2008

  147. [...] WordPress released version 2.6.2. today as a response to a vulnarability explained here. [...]

    Pingback from ALTERNATE-REALITY.NET - » New update for WordPress on September 9, 2008

  148. WordPress 2.6.2 (Bugfix)…

    Schon seit geraumer Zeit habe ich mich immer gewundert, wieso sich russische Weltbürger immer wieder in meinem Blog registrierten (diese habe ich nicht deaktiviert – wer möchte kann sich also registrieren). Erst heute habe ich mir ein Registrieungs-P…..

    Trackback from Eindrücke on September 9, 2008

  149. [...] For more information, check out the release post. [...]

    Pingback from WordPress 2.6.2 Released | Blog Oh Blog on September 9, 2008

  150. [...] ilgili ayrıntılı bilgiye buradan ulaşabilir; WordPress 2.6.2 yi indirmek için bu bağlantıyı, wordpress nasıl güncellenir [...]

    Pingback from WordPress 2.6.2 Yayınlandı on September 9, 2008

  151. [...] Página Oficial / Download Partilha esta entrada: [...]

    Pingback from WordPress 2.6.2 | MUIOMUIO.NET on September 9, 2008

  152. [...] uppdatera WordPress till version 2.6.2. Mer information om den senaste versionen kan du läsa om här och här kan du ta hem den senaste versionen av [...]

    Pingback from WordPress 2.6.2 on September 9, 2008

  153. [...] WordPress 2.6.2。我最想要的新功能, 就是希望像 upgrade plugins 一樣, 可以 one click 就 upgrade [...]

    Pingback from irene's page: diary | diary @ 2008-09-09 on September 9, 2008

  154. [...] I woke up this morning and see that WordPress released a new version yesterday. The new version 2.6.2 is a security release. [...]

    Pingback from WordPress Issues Security Uptate in Version 2.6.2 | SuccessCREEations, Inc. on September 9, 2008

  155. [...] וורדפרס בעברית 2.6.2 כוללת עדכון אבטחה שמתקן פרצת אבטחה בוורדפרס 2.6.1 ובגרסאות מוקדמות יותר עם הרשמה פתוחה למשתמשים חדשים. תוך ניצול של פרצת אבטחה נפרדת ב-PHP, תוקפים יכולים לבצע התקפה משולבת שתאפשר להם להשתלט על חשבונות של משתמשים בבלוג. מידע נוסף על המתקפה בהודעת השחרור של WordPress 2.6.2. [...]

    Pingback from וורדפרס בעברית 2.6.2 » וורדפרס בעברית on September 9, 2008

  156. [...] WordPress 2.6.2 update for open registration security. [...]

    Pingback from Marketing Geek Self help marketing podcast for new technology communication. » Blog Archive » Marketing Geek Show#51 Woopra! on September 9, 2008

  157. [...] than a month after 2.6.1 was released, WordPress have publicly released 2.6.2 for download. This release is recommended in particular to those who allow users to register on their [...]

    Pingback from WordPress 2.6.2 released on September 9, 2008

  158. [...] did, however, make the upgrade to WordPress 2.6.2, and didn’t even break my blog! Although Google Chrome really wasn’t very conducive to [...]

    Pingback from Devilish Southern Belle on September 9, 2008

  159. [...] WordPress 2.6.2 has been released. This release is in response to a recent warning to developers from Stefan Esser about the dangers of SQL Column Truncation and weaknesses of mt_rand(). With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. [...]

    Pingback from WordPress 2.6.2 Released | jonRaptor's Blog on September 9, 2008

  160. [...] mengecek dashboard blog saya ini, ternyata ada update terbaru dari WordPress. WordPress 2.6.2 telah diluncurkan. Wuih cepat banget, belum ada sebulan sudah diupgrade! Namanya [...]

    Pingback from WordPress 2.6.2 Telah Dirilis! : Mochammad Kurniawan on September 9, 2008

  161. [...] short version: Multiple plugins, wordpress and mediawiki. Mostly these were all security patches etc. If something borks, let me know at [...]

    Pingback from Upgradathon | Jorja Fox: Online on September 9, 2008

  162. [...] Für WordPress ist die neue Updateversion 2.6.2 erschienen. Sie behebt vor allem einen kritischen Fehler (PHP, SQL) bei der aktivierten Benutzerregistrierung. Mehr dazu aber im WordPress Blog. [...]

    Pingback from WordPress 2.6.2 Update « Tigions Blog on September 9, 2008

  163. [...] http://wordpress.org/development/2008/09/wordpress-262/ [...]

    Pingback from WordPress Releases Version 2.6.2 | Craig Edmonds on September 9, 2008

  164. [...] ganzen Beitrag von Ryan zum neuen WordPress gibt´s im offiziellen WP-Blog. Tags: 2.6.2, Update, WordPress Der Beitrag wurde am Tuesday, den 9. September 2008 um 16:04 [...]

    Pingback from Bastian Neumann » WordPress Update: 2.6.2 on September 9, 2008

  165. [...] registration enabled in your WordPress blog? If yes, then you must upgrade your WordPress to the newly released 2.6.2. A bug in WordPress 2.6.1 and earlier can help a malicious user to reset some user’s password [...]

    Pingback from WordPress 2.6.2 Released, Must Be Upgraded | CompuWorld on September 9, 2008

  166. [...] on | September 9, 2008 | 16:09 | So I just did my first WordPress update to 2.6.2, 2.6.1 had a security hole. It went remarkably smooth, considering the horror stores I read (link German, click the links in [...]

    Pingback from WordPress Updated, Plugin List | haslo.ch - Guido's Blog on September 9, 2008

  167. [...] Време за ъпдейт на WP-то до версия 2.6.2 [...]

    Pingback from WordPress 2.6.2 on September 9, 2008

  168. [...] haven’t finished upgrading all my blogs actually.  And reading the post from the WordPress blog regarding the new version, I’m still at a loss.  Perhaps because I’m much more of a newbie user and know little [...]

    Pingback from Should You Upgrade to WordPress 2.6.2 ASAP? | Prudence and Madness on September 9, 2008

  169. [...] ukazała się wersja WordPress oznaczona numerem 2.6.2. Doszło kilka nowych, ciekawych funkcji oraz poprawiono bezpieczeństwo. Jeśli ktoś nie [...]

    Pingback from Tłumaczenie WordPress 2.6.2 na język polski | torli on September 9, 2008

  170. [...] hari ini (kemaren sih sebenernya ) merilis update terbarunya, versi 2.62. Walau sebenarnya 2.6.1 sendiri masih lumayan baru, yah mungkin inilah kelebihannya plattform Open [...]

    Pingback from Setengah Mateng! | WordPress 2.6.2 on September 9, 2008

  171. [...] WordPress has announced the final release of WordPress 2.6.2. [...]

    Pingback from WordPress 2.6.2 Final Released | WebDevStudios.com on September 9, 2008

  172. [...] alright. All was well except that there was an update to WordPress (2.6.2) available. I checked the release notes and, you guessed it, there was mention of an “exploit” that allowed an attacker using [...]

    Pingback from Hit by “attack” on September 9, 2008

  173. [...] Did you want to start a new blog this week? If yes, I’d recommend you to download new WordPress, version 2.6.2 right now. For more information about this released, visit this page: WordPress 2.6.2 Released Page. [...]

    Pingback from New WordPress 2.6.2 Released Yesterday | baLooTisme on September 9, 2008

  174. [...] you’re a WordPress user, you’ll probably be interested to hear that a new version has been released, but that this update has been deemed optional, because it fixes an issue that arises in only [...]

    Pingback from Latest WordPress Update Is Optional : Rod Templeton on September 9, 2008

  175. [...] sobre o problema são explicados nesse post do [...]

    Pingback from WordPress-BR » Arquivo » WordPress 2.6.2 pt_BR on September 9, 2008

  176. [...] sobre o problema são explicados nesse post do [...]

    Pingback from WordPress | Brasil » WordPress 2.6.2 pt_BR on September 9, 2008

  177. [...] Donc, correction du problème, et mise en ligne de la version 2.6.2. [...]

    Pingback from Sortie de WordPress 2.6.2 | WordPress Francophone on September 9, 2008

  178. [...] running WordPress. 2.6.2 is out, and it patches a vulnerability that would allow an attacker to reset the password of another user. I’m closing registrations here until I get a chance to upgrade.    Posted by [...]

    Pingback from pebkac thoughts : WordPress vuln, registrations closed for a bit on September 9, 2008

  179. [...] siempre, hay cientos de pequeños cambios y correcciones con la nueva versión. Si no querés actualizar toda tu instalación, este el listado de archivos que cambian respecto [...]

    Pingback from Actualización de seguridad para WordPress | Thuer.com.ar on September 9, 2008

  180. [...] gibt es keine, dafür aber werden Sicherheitslücken gestopft. Bei heise.de und im WordPress-Blog findet man mehr [...]

    Pingback from WordPress Update auf 2.6.2 • puzich.com :: I took the blue pill on September 9, 2008

  181. [...] 09 Sep. 2008 in General, Nerd Salió una nueva versión de WordPress de la rama 2.6, en el blog oficial están los cambios, mayormente son bugfixes y algunos arreglos en fallas de seguridad respecto a lo [...]

    Pingback from WordPress : 2.7 para Noviembre y 2.6.2 Disponible | ModemHead.com.ar on September 9, 2008

  182. [...] pars travailler et ce n’est que dans l’après-midi que je tombe sur l’article de WordPress.org concernant une nouvelle mise à jour de WordPress, la 2.6.2. Cette mise à jour devait être [...]

    Pingback from Themes du Net » Blog Archive » WordPress 2.6.2 : il est urgent de mettre à jour on September 9, 2008

  183. [...] WordPress Blog によると「誰でもユーザー登録ができるようにする」設定にしている場合に特にアップグレードが推奨されていますが、他の修正点も含めて 14個のファイルが diff となっています。  [...]

    Pingback from WordPress 2.6.2: 2.6.1 からのアップグレード手順まとめ - Nire.Com on September 9, 2008

  184. [...] This is what the official announcement has to say: # [...]

    Pingback from WordPress 2.6.2 Released, Fixes Security Flaw on September 9, 2008

  185. [...] Vía | Blog de WordPress [...]

    Pingback from Nuevo WordPress 2.6.2 on September 9, 2008

  186. [...] Lansare WP 2.6.2 în urma remedierii unei probleme legată de accesul la baza de date folosită de platforma de blogging. Update-ul este recomandat în special celor care permit în mod liber înregistrarea utilizatorilor pe blog. Mai multe detalii puteţi afla aici. [...]

    Pingback from CDinside.ro - WordPress 2.6.2 on September 9, 2008

  187. [...] 2.6.2 Mandatory Upgrade Ryan Boren has announced the mandatory WordPress 2.6.2 upgrade has been released and WordPress users are required to download WordPress 2.6.2 and upgrade [...]

    Pingback from WordPress 2.6.2 Mandatory Upgrade « Lorelle on WordPress on September 9, 2008

  188. [...] giderilmiş hataların listesini gördüm. Buradan bakabilirsiniz. Daha fazla ayrıntı ve indirmek için buraya [...]

    Pingback from ercani bilişim » Blog Archive » WordPress 2.6.2 beta sürümü yayınlanmış on September 9, 2008

  189. [...] zjutraj sem opazil, da je na voljo novi wordpress. In sicer v različici 2.6.2. S temle trenutkom je postal moj blog [...]

    Pingback from Posodobitev na wordpress 2.6.2 | smottt on September 9, 2008

  190. [...] ieri è possibile scaricare la versione 2.6.2 della nostra piattaforma di blogging preferita, WordPress. Non ci sono grosse novità rispetto alla [...]

    Pingback from BlogMaster - Disponibile WordPress 2.6.2 on September 9, 2008

  191. [...] Mais informações no Blog do WordPress [...]

    Pingback from Atualização do WordPress corrige falha de segurança | Tio Geek! on September 9, 2008

  192. [...] The security risk affects all PHP applications, WordPress included. Particularly vulnerable are those websites allowing open registration. More details about this issue at http://wordpress.org/development/2008/09/wordpress-262/ [...]

    Pingback from Security advisory for WordPress and other PHP sites | TAPACOM on September 9, 2008

  193. [...] more at http://wordpress.org/development/2008/09/wordpress-262/ Previous Article« A Kuler Web Comments are [...]

    Pingback from aSocialMynd » Blog Archive » WordPress 2.6.2 Released on September 9, 2008

  194. [...] The security risk affects all PHP applications, WordPress included. Particularly vulnerable are those websites allowing open registration. More details about this issue at http://wordpress.org/development/2008/09/wordpress-262/ [...]

    Pingback from Security advisory for WordPress and other PHP sites | Web Weavers Workshop on September 9, 2008

  195. [...] hot from the oven, WordPress 2.6.2 is out! Its an upgrade for security fixes and bug fixes, so go get [...]

    Pingback from WordPress 2.6.2 is out! - Blogopreneur.com on September 9, 2008

  196. [...] this new version its more an upgrade as a form of a security patch. Anyway, upgrading as we’ve found out is rather easy and its a BIG THANKS to Nick who [...]

    Pingback from Upgraded shoppingNsales to WordPress 2.6.2 | snsBlog on September 9, 2008

  197. [...] Ryan Boren has announced the mandatory WordPress 2.6.2 upgrade has been released and WordPress users are required to download WordPress 2.6.2 and upgrade immediately. [...]

    Pingback from WordPress 2.6.2 Mandatory Upgrade | WordPress Blog NL on September 9, 2008

  198. [...] blogu WordPressa ukazała się wczoraj informacja o nowej wersji 2.6.2 i jest to poprawka bezpieczeństwa: With open registration enabled, it is [...]

    Pingback from Arkadiusz Tobiasz » Archiwum » WordPress 2.6.2 on September 9, 2008

  199. [...] kurzer Zeit gibt es das WordPress Paket in der Version Version 2.6.2. Bei dieser Version  handelt es sich um ein Service-Realease, das neben einigen Fehlern auch ein [...]

    Pingback from WordPress 2.6.2 DE-Edition und Upgradepaket » Brandt Aktuell on September 9, 2008

  200. [...] good people over at WordPress released WordPress 2.6.2 today. And unlike the previous 2.6.1 release, this release is a mandatory release, to fix a [...]

    Pingback from WordPress 2.6.2 Released | Harmless Geek on September 9, 2008

  201. [...] morning I was pleased to find that a login_redirect filter was added in the just released WordPress 2.6.2, providing a much cleaner [...]

    Pingback from developer - redirecting wordpress subscribers on September 9, 2008

  202. [...] good people over at WordPress released WordPress 2.6.2 today. And unlike the previous 2.6.1 release, this release is a mandatory release, to fix a [...]

    Pingback from WordPress Rolls Out 2.6.2 - Its A Mandatory This Time - And How » Sathya Says on September 9, 2008

  203. [...] na área de administração de somente um dos blog onde escrevo. É claro que o subseqüente post feito no blog do WordPress.org não altera muito do que eu disse naquele artigo. Apenas acrescenta e explica algumas [...]

    Pingback from WordPress 2.6.2: algumas considerações e recomendações | PluginMania on September 9, 2008

  204. [...] More here. [...]

    Pingback from Optimus Media News » Recommended WordPress Upgrade on September 9, 2008

  205. [...] most of you have probably already seen in your Dashboard, yesterday afternoon saw the official WordPress 2.6.2 Release. And as mentioned in the comments on my intitial news break on the 2.6.2 Beta, the focus is on two [...]

    Pingback from WordPress 2.6.2 Release :: geek ramblings on September 9, 2008

  206. [...] want to upgrade your site or sites to the latest WordPress release, which is 2.6.2.  There is a vulnerability in WordPress versions prior to 2.6.2. This, however, affects you only if you allow user registrations into your WordPress [...]

    Pingback from Prevent a WordPress Vulnerability Exploit - Upgrade to 2.6.2 | Current Events in Computer Technology | KodeeXII.Net on September 9, 2008

  207. [...] user me resetting password user lain. untuk lebih jelasnya, silahkan langsung menyambangi post yang di rilis oleh tim developer wordpress disini. Menurut mereka, serangan2 seperti ini relatif sulit dilakukan, tetapi mereka merekomendasikan [...]

    Pingback from Rilis WordPress 2.6.2 | Bloggingly on September 9, 2008

  208. [...] von neuen Usern auf ihrem Blog erlauben wird dieser Update empfohlen. Mehr dazu findest Du hier. Auch wurde noch ein paar Fehler behoben. Tags » security, update, wordpress, wordpress [...]

    Pingback from WordPress 2.6.2 ist da | Rol!'s Blog on September 9, 2008

  209. [...] Registrierung das Passwort eines bestehenden Benutzers zurückzusetzen. Weitere Infos dazu gibts Hier. Eine komplette Liste mit den gefixten Bugs gibt es wie immer auch wieder bei WordPress Bug [...]

    Pingback from WordPress 2.6.2 Released » the-exe.org just another blog on September 9, 2008

  210. [...] Bu adresten guncellemeyle ilgili ayrintili bilgiye ulasabilirsiniz. Yazida ozellikle uyelik sistemini kullanan bloglarin bu guncellemeyi uygulamalari oneriliyor. [...]

    Pingback from WordPress 2.6.2 cikti | Burak Gulbahce... on September 9, 2008

  211. [...] your WordPress installation if you value your life! About E.D….. E.D. is a writer and the editor in chief at NeoConstant. He works and writes in [...]

    Pingback from Free advice… | NeoConstant on September 9, 2008

  212. [...] ik dit te tikken schreeuwt WordPress dat ik moet updaten naar WordPress 2.6.2. Niet omdat hij dat leuk vind, maar omdat het zo is gebouwd. Funny, dat ik nu alweer moet updaten; [...]

    Pingback from Rittap » Zinloze dingen on September 9, 2008

  213. [...] clipped from wordpress.org [...]

    Pingback from WordPress, You’re Making Me Crazy! | OVBlogger: Blogging and SEO on September 9, 2008

  214. [...] en el SQL y creación de contraseñas para nuevos usuarios en la anterior sub-versión, el equipo de WordPress recomienda actualizar inmediatamente a la versión 2.6.2 que puede ser descargada desde su sitio [...]

    Pingback from WordPress ES » WordPress 2.6.2 en Español on September 9, 2008

  215. [...] WordPress 2.6.2 [...]

    Pingback from Another WordPress Release: Version 2.6.2 | afewgoodpens.com on September 9, 2008

  216. [...] Full details are in this post on their blog. [...]

    Pingback from WordPress - Urgent upgrade | MyPersonalVPS.com on September 9, 2008

  217. [...] 2.6.2 ini kayaknya cuma upgrade di security-nya. Sebagaimana yang dituliskan di blog wordpress. Security emang penting banget sih. Tapi selama ini saya belum merasakan banyak masalah di [...]

    Pingback from » Malas Upgrade ke WordPress 2.6.2» Blogger juga manusia on September 9, 2008

  218. [...] terbaru dari wordpress 2.6.2 sudah dapat Anda download di situsnya. Jika wordpress Anda mengijinkan registrasi user, maka ada [...]

    Pingback from WordPress 2.6.2 Released | Belajar blog - Artikel tentang Seo - Belajar WordPress on September 9, 2008

  219. [...] WordPress 2.6.2 on the WordPress Development Blog] Digg it! • Stumble this! • Save to del.icio.us [...]

    Pingback from Security Upgrade for WordPress Blogs with Open User Registration—WordPress 2.6.2 | ThrillingDesign.com on September 10, 2008

  220. [...] Informasi selengkapnya http://wordpress.org/development/2008/09/wordpress-262/ [...]

    Pingback from Update WordPress Yang Gagal | sariful | on September 10, 2008

  221. [...] Consulting encourages users to review the WordPress Blog entry related to these issues and upgrade to version 2.6.2 as [...]

    Pingback from WordPress Releases Version 2.6.2 | DarkFiber Consulting - IT Managed Services on September 10, 2008

  222. [...] the WPBlog here: If you allow open registration on your blog, you should definitely upgrade.  With open [...]

    Pingback from BelchSpeak » Post Topic » Upgrade Your WordPress on September 10, 2008

  223. [...] the login page. I told Jason about it and he says, “It sounds like you were hacked thanks to this security bug found in WP version 2.6.1.” So, of course I went and immediately upgraded the affected site. [...]

    Pingback from WordPress and the 2.6.2 mandatory upgrade | John Hawkins Unrated on September 10, 2008

  224. [...] WordPress 2.6.2 was released yesterday in order to fix the bugs due to SQL Column Truncation and the weakness of mt_rand(). [...]

    Pingback from WordPress 2.6.1 to 2.6.2 Update File (WordPress Wednesday) » Techtites on September 10, 2008

  225. [...] Official Announcement Check out their official announcement if you haven’t already done so. Official Announcement [...]

    Pingback from WordPress Update 2.6.1 to 2.6.2 - Download | ahkong.net on September 10, 2008

  226. [...] gestor de continguts i blocs de codi obert WordPress va alliberar, ahir, la versió 2.6.2, que corregeix errors i problemes de seguretat, com un que permetia a un usuari reiniciar les [...]

    Pingback from WordPress 2.6.2, soŀlució a errors i problemes de seguretat | NoticiesTecnologia.com - Actualitat Informàtica, en català on September 10, 2008

  227. [...] WordPress [...]

    Pingback from WordPress 2.6.2 » Werts Networking on September 10, 2008

  228. [...] For de teknisk interesserede er der mere om det hele her [...]

    Pingback from WordPress upgraded » Lyngby Taekwondo Klub on September 10, 2008

  229. [...] After WordPress 2.6.1 was released on August 15th, 2008 and which was not a mandatory update for those where it worked fine (see this official blog post), there has been a security issue which now makes the update to WordPress 2.6.2 – released on September 8th, 2008 – mandatory (see this official blog post). [...]

    Pingback from WordPress 2.6 Released! | Marco Luthe Online! on September 10, 2008

  230. [...] WordPress2.6.2が出たのでさっそく更新したが、今回のリリースにはセキュリティ関連の修正が入っていた。 [...]

    Pingback from WordPress 2.6.2はセキュリティ修正 | Selfkleptomaniac on September 10, 2008

  231. [...] ay bir güncellemesine alıştığımız wordpress, son güncellemesi wordpress 2.6.2 ‘i duyurdu. orjinal yazılımı buradan, wordpress-tr tarafından yayınlanan türkçe [...]

    Pingback from WordPress 2.6.2 | yeni çıktı > tasarım, internet ve teknoloji on September 10, 2008

  232. [...] 喔這次升級是2008/09/09發佈的 [...]

    Pingback from 升級WP 2.6.2 - 藍色心情 on September 10, 2008

  233. [...] Básicamente eso, que he actualizado a la última versión disponible de WordPress, la 2.6.2. [...]

    Pingback from Actualización a WordPress 2.6.2 » Tuxitos - Weblog personal de Alejandro Sobrino - Jander on September 10, 2008

  234. [...] WordPress 2.6.2 was released yesterday. Only a few files have been modified from the 2.6.1 release. I’ve made available a 2.6.1 to 2.6.2 update file for users currently running WordPress 2.6.1 based on the full changeset and list of changed files. Read more and download WordPress 2.6.1 to 2.6.2 update file. [...]

    Pingback from WordPress 2.6.1 to 2.6.2 Update File » Ajay - On the Road called Life! on September 10, 2008

  235. [...] 2.6.2 WordPress Blog: Stefan Esser recently warned developers of the dangers of SQL Column Truncation and the weakness [...]

    Pingback from propaganda press! is state sponsored » Blog Archive » WordPress 2.6.2 on September 10, 2008

  236. [...] Inforationen findet Ihr im Development-Blog bei wordpress.org. [...]

    Pingback from Blog aktualisiert » Cowboy´s Linux-Blog on September 10, 2008

  237. 本站升級 WordPress v2.6.2…

    很快地!又過沒多久的時間,WordPress v2.6.2 又出來了,似乎有趕快叫人升級的味道~~
    事實上也是如此,才短短不到三個星期的時間,WordPress v2.6.2 就發佈了,想必是有修正了不少系統的漏洞……

    Trackback from 來吧!胡說八道! on September 10, 2008

  238. [...] a questa grave falla di sicurezza sono stati risolti alcuni problemi di minore entità. A questo indirizzo è possibile consultare il post dell’annuncio sul blog degli sviluppatori di [...]

    Pingback from MRG_corner » Blog Archive » Upgrade wordpress from 2.6.1 to 2.6.2 on September 10, 2008

  239. WordPress 2.6.2…

    A última atualização para a série 2.6 do wordpress, 2.6.2, que saiu nessa segunda consiste principalmente de correções de bugs.

    Uma atualização curiosa é um novo gerador de números aleatórios. Segundo Stefan Esser, o gerador de números a……

    Trackback from devlog on September 10, 2008

  240. [...] en el SQL y creación de contraseñas para nuevos usuarios en la anterior sub-versión, el equipo de WordPress recomienda actualizar inmediatamente a la versión 2.6.2 que puede ser descargada desde su sitio [...]

    Pingback from WordPress 2.6.2 en Español « Reyson’s Blog on September 10, 2008

  241. [...] on this site has been upgraded to version 2.6.2.  I’ve deciding to take all my websites that are hosted by me and put them on a real [...]

    Pingback from Zeros and Ones » Jobless… Well Not Really on September 10, 2008

  242. [...] Sitio oficial | WordPress.org Descarga | WordPress.org. Vía | WordPress.org Blog. [...]

    Pingback from WordPress 2.6.2 disponible para descargar : Blogografia /version beta/ on September 10, 2008

  243. [...] original, aquí. Descargar la última versión de WordPress, aquí. Tags: bitácoras, Internet, [...]

    Pingback from Extemp”F”oraneo » Actualización de seguridad. WordPress 2.6.2 disponible on September 10, 2008

  244. [...] blog yaziliminin 2.6.1 surumunde detaylarina buradan erisebileceginiz bir guvenlik acigi yayinlandi(WordPress 2.6.1 SQL Column Truncation Vulnerability). [...]

    Pingback from WordPress 2.6.1 de ciddi guvenlik acigi(!) | Complexity is the Enemy of Security… on September 10, 2008

  245. [...] En het lijkt allemaal nog steeds te werken.  WordPress – de motor achter Clicko – is geupdate van v2.6.1 naar v2.6.2.   Meer informatie over de update vind je hier. [...]

    Pingback from Clicko.nl weer geupdate | Clicko.nl on September 10, 2008

  246. [...] Essential WordPress update- Version 2.6.2 has been released and it is essential.  I won’t go into specifics, but this blog almost got hacked due to my registration settings and a WordPress vulnerability.  Bloggers: ALWAYS update your blog to the latest, secure version! [...]

    Pingback from Essential WordPress update | Los Havros on September 10, 2008

  247. [...] Sitio oficial | WordPress.org Descarga | WordPress.org Vía | WordPress.org Blog [...]

    Pingback from WordPress 2.6.2 disponible para descargar | EnygmaTech on September 10, 2008

  248. [...] lançada agora a pouco a versão 2.6.2 do WordPress. A atualização contempla o fechamento de 13 tickets, [...]

    Pingback from Lançado o WordPress 2.6.2 | The Joe Report on September 10, 2008

  249. [...] You can already grab WordPress 2.6.2 from here. More information is available from the official WordPress here. [...]

    Pingback from WordPress 2.6.2 is Out! it’s Security Update at www.HWDOT.com on September 10, 2008

  250. [...] Meer info: http://wordpress.org/development/2008/09/wordpress-262/ [...]

    Pingback from Upgrade Naar WordPress 2.6.2 on September 10, 2008

  251. [...] Das ganze ist ein Sicherheits-/Service-Update und daher [...]

    Pingback from Amys Welt » Blog Archive » WordPress Update auf 2.6.2 … on September 10, 2008

  252. [...] 2.6.2 has just been released! Read more information at the WordPress blog, or download directly [...]

    Pingback from Release of WordPress 2.6.2 | Blogging Girl on September 11, 2008

  253. [...] http://wordpress.org/development/2008/09/wordpress-262/ [...]

    Pingback from Upgrade - WordPress 2.6.2 | HIGHLOGIC.NET on September 11, 2008

  254. [...] – don’t shoot the messenger!  THEY said “Mandatory [...]

    Pingback from Mandatory Upgrade at Desperately Seeking WordPress on September 11, 2008

  255. [...] stata rilasciata una nuova release del popolare blog engine [...]

    Pingback from Rilasciato WordPress 2.6.2 | FDS on September 11, 2008

  256. [...] offizielles Entwicklerstatement [...]

    Pingback from WordPresshosting » Blog Archive » WordPress 2.6.2 on September 11, 2008

  257. [...] Here’s the lowdown on why you should upgrade to 2.6.2 [...]

    Pingback from WordPress 2.6.2 | ErumMunir.com on September 11, 2008

  258. [...] wonder if it has to do with the current security hole (is there already an exploit ?), an earlier for WordPress 2.2 or simply spam [...]

    Pingback from UeberTs Thoughts » strange accesses to WordPress register page on September 11, 2008

  259. [...] Official Post [...]

    Pingback from WordPress 2.6.2 Released : digitalizes on September 11, 2008

  260. [...]        请赶紧升级到:WordPress 2.6.2    http://wordpress.org/development/2008/09/wordpress-262/  [...]

    Pingback from 注意:WordPress 2.6.1存在SQL Truncation安全漏洞 - winZeng*北京SEO on September 11, 2008

  261. [...] night I upgraded from WordPress v2.6.1 to WordPress v2.6.2.  You’ve heard me extoll the virtues of WordPress.  Free, open source, easy to modify and [...]

    Pingback from PDRater.com » Another WordPress Update on September 11, 2008

  262. [...] 2.6.2(stable) released Hello Guys, WordPress 2.6.2 September 8, 2008 [...]

    Pingback from WordPress 2.6.2(stable) released, WordPress Discussion Discussion on September 11, 2008

  263. [...] Täydellisen listan softan muutoksista voit lukea täältä. [...]

    Pingback from Napu Ry » Blog Archive » Softat päivitetty on September 11, 2008

  264. [...] WordPress 2.6.2 was released on September 8, 2008. 2.6.2 is a security and bugfix release. [...]

    Pingback from SFU Blog Service » Blog Archive » WordPress upgraded to 2.6.2 on September 11, 2008

  265. [...] to WordPress 2.6.2… seems there’s a big issue with previous versions: Stefan Esser recently warned developers of the dangers of SQL Column Truncation and the weakness [...]

    Pingback from Updated to WordPress 2.6.2 | FlishFun.com on September 11, 2008

  266. [...] 2.6.1 is still new but I have to update it to the new version. I am not really understood what WordPress said about this. WordPress [...]

    Pingback from shafawi dot com - WordPress Update Again! on September 12, 2008

  267. [...] nach über 2 Jahren nun das Design geändert. Im Zuge des Updates von WordPress auf die aktuelle Version 2.6.2 ist es irgendwie nicht mehr vermeidbar gewesen, da das alte Theme noch für die Version 1.5 [...]

    Pingback from E-Learning Blog im neuen Gewand – e-Learning Blog on September 12, 2008

  268. [...] evening I updated all of my WordPress-running sites (including ChrisMLindsey.com) to WordPress version 2.6.2.  Let me know if you see anything awry with the site.  And if you run a site (or sites) on [...]

    Pingback from Updated to WordPress 2.6.2 on September 12, 2008

  269. [...] 2.6.2 Upgrade Now: Many people are not taking the latest announcement about the WordPress 2.6.2 upgrade seriously. The security flaw this update repairs applies to all PHP applications, not just [...]

    Pingback from WordPress Wednesday News: 4 WordCamps, WordPress 2.6.2, Bad Themes, Count Twitterers, Threaded Comments, and Sticky Posts | The Blog Herald on September 12, 2008

  270. [...] New version of WordPress dropped today. No new features, but a couple of security fixes (Release Notes). [...]

    Pingback from WordPress 2.6.2 » EricByers.com on September 12, 2008

  271. [...] WordPress 2.6.2 [...]

    Pingback from Pin Podcast | Pin #103 on September 12, 2008

  272. [...] Der Patch behebt eine Schwachstelle, die durch die Nutzung von mt_rand() aufgetreten ist. (Näheres hier) Update ging soweit schnell und ohne Fehler. Man brauchte nichtmal die wp-admin/upgrade.php. [...]

    Pingback from WordPress Upgrade to 2.6.2 | Some notes on September 12, 2008

  273. [...] released already. – 1 Minute Ago WordPress 2.6.2 ReleasedSeptember 8, 2008 Free ecommerce templates == Domain Name Registration == Free Directory [...]

    Pingback from Are you going WP 2.5? on September 12, 2008

  274. [...] WordPress 2.6.2 is out.  If you are running WordPress and have open user registration, be sure to upgrade.  For a full description of the reason to upgrade, read this: WordPress 2.6.2. [...]

    Pingback from Ryan Grier.com » WordPress 2.6.2 is Out on September 12, 2008

  275. [...] de WordPress, a los blogs que permiten el registro de nuevos usuarios. En el blog oficial está toda la información en [...]

    Pingback from WordPress | España » WordPress 2.6.2 on September 12, 2008

  276. [...] *WordPress 2.6.2 Released* – WordPress 2.6.2 was released earlier this week to fix a security problem dealing with the mt_rand php function. You really need to upgrade your blog if you allow open registration. The problem is not tied strictly to WordPress rather, this issue affects many other PHP apps as well such as Vbulletin. – http://wordpress.org/development/2008/09/wordpress-262/ [...]

    Pingback from WordPress News For The Week Of September 12th 2008 » The NMP Network on September 13, 2008

  277. [...] is a must have upgrade in case you allow open registrations on your blog.  Here’s what wordpress developers say to upgrade to latest version With open registration enabled, it is possible in WordPress [...]

    Pingback from Top Stories This Week - #1 on September 13, 2008

  278. WordPress 2.6.2 Update – Download Available…

    The latest version of WordPress has been released:
    Wordpress 2.6.2 Update – Download
    If you allow open registration on your blog, you should definitely upgrade.  With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to….

    Trackback from Starting a Blog on September 13, 2008

  279. [...] 最近都沒有每一版寫篇更新文,WordPress 2.6.2 發行了,2.6.1版有可以從管理介面得到管理權限的問題。 [...]

    Pingback from WordPress 2.6.2 | None on September 13, 2008

  280. [...] 别的弱点还没有,官方原文: With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password.  The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit.  However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.  Stefan Esser will release details of the complete attack shortly.  The attack is difficult to accomplish,  but its mere possibility means we recommend upgrading to 2.6.2. [...]

    Pingback from 升级WordPress2.6.2 | Lin's空间|Only on September 13, 2008

  281. [...] The individual that reset your password wont know what it is ether, so this security flaw is mostly just simply annoying.  The problem is that there is also a problem with the randomness of the randown password generator used by WordPress.  It turns out that it’s not so random afterall. [WordPress Blog] [...]

    Pingback from Upgrade to WordPress 2.6.2 or your blog might die! | Bent Corner on September 13, 2008

  282. WordPress 2.7 Wish Lists…

    Although Wordress version 2.6.2 has just been released a few days ago, Ryan Roben, one of Wordperss developers team opens up a little secret that WordPress 2.7 is on the pipeline. The WP 2.7 promises a whole lot new features including “reply to c…

    Trackback from Blogger Indonesia A. Fatih Syuhud Weblog on September 13, 2008

  283. [...] For more information, check out the release post. [...]

    Pingback from wordpress2.62 | Katree's Home on September 13, 2008

  284. [...] was up. Until yesterday, though, I didn’t know what was going on. Now, thanks to the WordPress 2.6.2 release, I do: With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to [...]

    Pingback from Robservatory » Blog Archive » If your account here is gone, here’s why… on September 13, 2008

  285. [...] Boren announced this mandatory security upgrade saying “if you ALLOW OPEN REGISTRATION in your blogs, you [...]

    Pingback from Mandatory Upgrade: WordPress 2.6.2 on September 13, 2008

  286. [...] I upgraded my main blog to WordPress 2.6.2, the latest version released a few days [...]

    Pingback from The endless WordPress login loop — Next on September 13, 2008

  287. [...] of WordPress which addresses some security issues and a couple of bugs. Here the write up from the development blog: Stefan Esser recently warned developers of the dangers of SQL Column Truncation and the weakness [...]

    Pingback from WordPress 2.6.2 released | wordpressguru.eu on September 13, 2008

  288. [...] on the news here but I have upgraded to 2.6.2. Grab it here. View their blogs here for 2.6.1 and here for [...]

    Pingback from WordPress 2.6.1 and 2.6.2 are out | Ben's Blog on September 13, 2008

  289. [...] Today, we upgraded all our blogs to WordPress 2.6.2. The update fixes some security issues. More info can be found on the WordPress blog. [...]

    Pingback from WordPress 2.6.2 | Mylearning.be on September 13, 2008

  290. [...] WordPress 2.6.2 was released and I upgraded this site. It’s a security release so considered required although the developer blog indicates it’s mainly a concern if open registration is allowed. I decided to upgrade anyway. I have to admit, I’m getting a a bit lazy with these minor upgrades. I just check that the latest backups were done and do the upgrade. No installation in a test environment or other testing. Eventually I’ll get burned and mend my lazy ways. [...]

    Pingback from The OS Quest Trail Log #33: Potpourri at The OS Quest on September 14, 2008

  291. [...] Auf Englisch findet ihr das hier. [...]

    Pingback from WordPress 2.6.2 | Cookiedose on September 14, 2008

  292. [...] να διαβάσετε την ανακοίνωση εδώ. Uncategorized  Εκτυπώστε το άρθρο Παρακολουθείστε την [...]

    Pingback from WordPress 2.6.2 on September 14, 2008

  293. [...] [Fonte: WordPress Blog] [...]

    Pingback from WordPress | Portugal » WordPress 2.6.2 em pt_PT já disponível on September 14, 2008

  294. [...] WordPress Blog]  por José Fontainhas  |     Anúncios, Segurança  2.6.2, [...]

    Pingback from WordPress 2.6.2 em pt_PT já disponível | WordPress-PT on September 14, 2008

  295. [...] 這次更新的內容主要在於修復有關開放註冊的漏洞,根據官方的說法,駭客們似乎是可以利用註冊的漏洞來更改他人的密碼,導致整個站的資料被更改,假如你有開放註冊的話,建議你馬上更新或者是關閉註冊功能。 [...]

    Pingback from 「腿」很久的Wordpress 2.6.2更新 | the KiDs ?! on September 14, 2008

  296. [...] kann ich mir sowas einfach nicht ansehen. Lieber auf Halbmast, während ich WordPress aktualisiere. Sonst gibt’s hinterher ein schwarzes Loch, wo vorher mein Kopf hing. Der platzt da einfach. [...]

    Pingback from woxBlog » Die ohne Praxis und der mit der Meise on September 14, 2008

  297. [...] released already. – 2 Days Ago WordPress 2.6.2 Released : September 8, 2008 Free ecommerce templates == Domain Name Registration == Free Directory [...]

    Pingback from Are you going WP 2.5? on September 14, 2008

  298. [...] I’ll upgrade today. If you need a new password, let me know. With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. [...]

    Pingback from One Utah » Blog Archive » Update: OneUtah/WordPress Technical Problems on September 14, 2008

  299. [...] WordPress 2.6.2 Very good. Always a good thing to be getting those updates. [...]

    Pingback from Weekly Links #18 | GrantPalin.com on September 15, 2008

  300. [...] Changelog Más información: WordPress Comparte este articulo:Estos íconos enlazan con webs de marcadores sociales que permiten a los [...]

    Pingback from Publicado oficialmente el nuevo WordPress 2.6.2 on September 15, 2008

  301. [...] Ver: Changelog Más información: WordPress [...]

    Pingback from Información tecnológica, Noticias de Tecnología » Publicado oficialmente el nuevo WordPress 2.6.2 on September 15, 2008

  302. [...] encourages users to review the WordPress Blog entry related to these issues and upgrade to version 2.6.2 as [...]

    Pingback from Ubuntu Security » Blog Archive » WordPress Releases Version 2.6.2 on September 15, 2008

  303. [...] installed WordPress 2.6.2 today, and it got me thinking about what has made wordpress the undefeated king of blogging [...]

    Pingback from Why WordPress Is Still King on September 15, 2008

  304. [...] 2.6.2 came out a week ago, and it would be awesome if it would revert to the older way of aligning images–you know, the way that worked. Unfortunately, I was hoping for that with 2.6.1 as well, and no such luck. So, for the time being, my images are all messed up, and my style.css file is littered with attempts to find a fix. I kid. It’s fine. But the images aren’t. [...]

    Pingback from Nonprofit Girl » WP 2.6: image alignment complaints on September 16, 2008

  305. [...] selengkapnya http://wordpress.org/development/2008/09/wordpress-262/ [...]

    Pingback from WordPress 2.6.2 Telah di Rilis « Muslim’s Weblog on September 16, 2008

  306. [...] WordPress 2.6.2 is out and it closes an exploit in previous versions. [...]

    Pingback from Speedlinking - 17 September 2008 on September 16, 2008

  307. [...] to version 2.6.2 for more information on this update visit WordPress website by clicking this link WordPress › Blog » WordPress 2.6.2 __________________ Our TOS and Policies GeekStep Shared & Reseller Plans – (NO ADs!) Get [...]

    Pingback from Update Your WordPress to 2.6.2 - Geekstep - Free Cpanel Hosting on September 17, 2008

  308. [...] sich genau geändert hat, kannst du unter http://wordpress.org/development/2008/09/wordpress-262/ [...]

    Pingback from Martin Riedl - Weblog» Blogarchiv » Blog-Update auf 2.6.2 on September 17, 2008

  309. [...] *More about wordpress 2.6.2 about Stefan Esser recently warned developers of the dangers of SQL Column Truncation and the weakness of mt_rand() , you can read at WordPress Blog. [...]

    Pingback from Upgrade Your WordPress to 2.6.2 version on September 18, 2008

  310. [...] WordPress 2.6.2 – UPGRADE NOW! [...]

    Pingback from WordCast 28: Liez Stross? | Kym Huynh on September 18, 2008

  311. [...] WordPress › Blog » WordPress 2.6.2 Social Bookmarking: [...]

    Pingback from The Cotton Club » Blog Archive » SQL Truncate & mt_rand() on September 19, 2008

  312. [...] WordPress 2.6.2 is out and it closes an exploit in previous versions. [...]

    Pingback from Speedlinking - 17 September 2008 | Get Website Traffic on September 19, 2008

  313. [...] you’re seeing anything less than 2.6.2, shame on you! WordPress 2.6.2 fixes a major security issue. Make sure and update as soon as [...]

    Pingback from Random Blatherings » Blog Archive » WordPress Plugin: Replace WP-Version on September 19, 2008

  314. [...] WordPress Development Blog: WordPress 2.6.2 [...]

    Pingback from WordPress 2.6.2 : Dragonfly Networks on September 21, 2008

  315. [...] Всем обновлятся! Найдена уязвимость в коде – если вы открыли регистрацию в блоге, то инъекция может надыбать себе имена пользователей и изменить у них пароль на случайный. Конечно это не страшно. Но как бы не приятно – вы заходите и тут вам бац – пароль сменили. Брать обновление тут [...]

    Pingback from Ахтунг! Вышел новый WordPress 2.6.2 | Последний шанс on September 22, 2008

  316. [...] WordPress 2.6.2 is out and it closes an exploit in previous versions. [...]

    Pingback from Antilogic Media - Design, Technology, SEO, Online Marketing and more… :: Antilogic Media on September 22, 2008

  317. [...] we all can see in the Blogosphere, automaticc release a new wordpress version which fixes a couple of security flaws and bugs. So go and [...]

    Pingback from WordPress 2.6.2 Released! - Uncategorized - Rezeptfrei Kaufen Infoblog on September 24, 2008

  318. [...] update to my last post regarding the “hacking” attempts via the vulnerability fixed in version 2.6.2 of WordPress, I’ve had several more people trying to take a crack at this – just now I deleted 16 phony [...]

    Pingback from Server troubles on September 24, 2008

  319. [...] WordPress 2.6.2.: This release is in response to a recent warning to developers from Stefan Esser about the dangers of SQL Column Truncation and weaknesses of mt_rand(). The issue at hand that forced the release is discussed in detail on the WordPress.org blog post linked above. Basically the attack is complex, is dependent on open registration being turned on in your blog, but can be executed in theory and turns out to be more of an annoyance than an actual exploit. [...]

    Pingback from PhotoNeil’s Favourite Blogs » Weblog Tools Collection: WordPress 2.6.2 Released | A Comprehensive Collection of Blog Posts from my favourite Blogs on September 24, 2008

  320. [...] Ryan Boren has announced the mandatory WordPress 2.6.2 upgrade has been released and WordPress users are required to download WordPress 2.6.2 and upgrade immediately. [...]

    Pingback from PhotoNeil’s Favourite Blogs » Lorelle on WP: WordPress 2.6.2 Mandatory Upgrade | A Comprehensive Collection of Blog Posts from my favourite Blogs on September 24, 2008

  321. [...] most of you have probably already seen in your Dashboard, yesterday afternoon saw the official WordPress 2.6.2 Release. And as mentioned in the comments on my intitial news break on the 2.6.2 Beta, the focus is on two [...]

    Pingback from PhotoNeil’s Favourite Blogs » Dougal Campbell: WordPress 2.6.2 Release | A Comprehensive Collection of Blog Posts from my favourite Blogs on September 24, 2008

  322. [...] I’m updating even though the security problem is a very low risk. [...]

    Pingback from ricketyclick » Blog Archive » WordPress: Update to 2.6.2 on September 25, 2008

  323. [...] [Fonte: WordPress Blog] [...]

    Pingback from Blog Pessoal de Ricardo Cabral & Suporte PT Servidor » WordPress 2.6.2 está disponível! on September 27, 2008

  324. [...] the scenes an upgrade to WordPress 2.6.2 has happened, which went very well. I’ve also embraced wordpress as a CMS, and dispensed [...]

    Pingback from leyton.org » Another update… on September 29, 2008

  325. [...] is a required update. WordPress MU isn’t vulnerable to the security bugs that were the reason for WordPress 2.6.2 but it does contain a number of important bug fixes, [...]

    Pingback from WordPress MU 2.6.2 | WordPress Blog NL on September 30, 2008

  326. [...] Bloggen är uppdaterad till WordPress MU version 2.6.2. [...]

    Pingback from The Merikan Family Blog Site » Blog Archive » Bloggen uppdaterad on October 1, 2008

  327. [...] to WordPress 2.6.2 October 3rd, 2008, 9:54 pm by Mathias I just upgraded the blog software to WordPress 2.6.2. If you notice any problems, please let me [...]

    Pingback from A Concurrent Affair » Blog Archive » Update to WordPress 2.6.2 on October 4, 2008

  328. [...] updated to WordPress 2.6.2: Finally, the Fantastico De Luxe gave me the option to upgrade to 2.6.2 from 2.6.1. Even though this blog is not really affected by the security issues on 2.6.1, I just [...]

    Pingback from KisahberuanG.com® » Update: 06-10-2008 on October 5, 2008

  329. [...] giderilmiş hataların listesini gördüm. Buradan bakabilirsiniz. Daha fazla ayrıntı ve indirmek için buraya bakabilirsiniz. Tags: sürümü, wordpress 2.6.2, WordPress 2.6.2 beta, [...]

    Pingback from WordPress 2.6.2 beta sürümü yayınlanmış | Forum Bilge on October 6, 2008

  330. [...] récemment, en septembre 2008, vous avez peut-être mis à jour votre blog WordPress du fait d’une faille de sécurité touchant là encore les nombres pseudo-aléatoires. En effet, dans les versions précédentes, un [...]

    Pingback from Sécurité informatique et nombres aléatoires on October 7, 2008

  331. [...] update comes out, the announcement blog post links to a full changeset and list of changed files. (Example  Post) Once you’ve clicked though to the WordPress trac site, scroll down to the bottom of the page [...]

    Pingback from WordPress Updates: Is there to much of a good thing? | BloggerDesign from TopRank Online Marketing on October 8, 2008

  332. [...] just noticed the new WordPress v2.6.2 is out. I guess I’ll upgrade all of my blog sites to that version and kill some time before I [...]

    Pingback from Wide awake at 2:30am | random neuron misfires on October 11, 2008

  333. Percobaan mencari segenggam berlian dari Google AdSense…

    Setelah mengubek-ubek informasi yang diperlukan untuk mencoba membuat website untuk menambang berlian dari Google AdSense alias cari duit lewat internet. Akhirnya jadi juga satu website yang mudah-mudahan bisa berhasil untuk mendapatkan klik sebanyak-b…

    Trackback from wiliam.info on October 12, 2008

  334. [...] example in the WordPress 2.6.2 announcement we have: Stefan Esser recently warned developers of the dangers of SQL Column Truncation and the [...]

    Pingback from follow the white rabbit » Responsible security releases on October 18, 2008

  335. [...] nothing to upgrade as I also upgraded all the WordPress Plugins by uploading them together with the WordPress 2.6.2 [...]

    Pingback from BLOG » Upgraded to WordPress 2.6.2, WordPress Plugin Automatic Upgrade » Sofie Estolloso Hofmann Designs International - Weggis, Switzerland on October 22, 2008

  336. [...] Łatka dotyczy dwóch plików (właściwie jednego jak ktoś chce – więcej). CMS aktualizujemy poprzez skopiowanie plików: wp-includes/class-snoopy.php wp-includes/version.php warunkiem jest posiadanie WordPress 2.6.2. [...]

    Pingback from WordPress 2.6.3 is available! • n!3 firmowy blog on October 26, 2008

  337. [...] al link: ITA < http://www.wordpress-it.it/2008/09/09/wordpress-262-in-italiano/ > ENG < http://wordpress.org/development/2008/09/wordpress-262/ [...]

    Pingback from CMS sicurezza | lo stanzino di EngiMedia on November 2, 2008

  338. [...] der Version 2.6.2 handelt es sich um ein Servicerealease, das neben einigen Fehlern auch ein Sicherheitsproblem [...]

    Pingback from WordPress 2.6.2 DE-Edition und Upgradepaket « WordPress Deutschland Blog on November 25, 2008

  339. [...] offizielles Entwicklerstatement → WordPress in 5 Minuten installieren → Wie führe ich ein Upgrade durch? → Was sind die [...]

    Pingback from WordPress 2.6.5 veröffentlicht « WordPress Deutschland Blog on November 25, 2008

  340. [...] Genauers zu dem Thema findet man auf Englisch [hier] [...]

    Pingback from Update auf Version 2.6.2 | roadeo.de on December 13, 2008

  341. [...] WordPress from v2.6 to v2.6.2 and then recently again from v2.6.2 to [...]

    Pingback from Blog Updates - December 2008 | TylerCruz.com: An Internet Entrepreneur’s Journey on December 14, 2008

  342. [...] WordPress 2.6.2 By Ryan. Filed under Releases, Security. [...]

    Pingback from Successful upgrade to WordPress 2.6.2 | Robert@PNG on December 28, 2008

  343. [...] WordPress 2.6.2 on the WordPress Development [...]

    Pingback from Security Upgrade for WordPress Blogs with Open User Registration—WordPress 2.6.2 » Thrilling Heroics on January 25, 2009

  344. [...] Das ganze ist ein Sicherheits‑/Service-Update und daher [...]

    Pingback from Amys Welt » Blog Archive » WordPress Update auf 2.6.2 … on March 15, 2009

  345. [...] sobre o problema são explicados nesse post do Ryan. Publicado por Cátia Kitahara em Releases Compartilhe: Digg • Del.icio.us • [...]

    Pingback from WordPress 2.6.2 pt_BR » Comunidade WordPress-BR on April 14, 2009

  346. [...] WordPress 2.6.2早发行了,看了介绍,发现我没什么升级的必要。哪天闲慌慌到无事可做时,再来升个级吧。 [...]

    Pingback from Kylexlau’s Weblog » Blog Archive » Imageless on June 22, 2009

  347. [...] Und weiter geht es mit dem nervigen Updates von WordPress, denn mittlerweile wurde WordPress in der Version 2.6 veröffentlicht. [...]

    Pingback from WordPress 2.6.2 ist verfügbar » Beitrag » myWordPress.de on June 27, 2009

  348. [...] Gestern Nacht ist eine neue WordPressversion herausgekommen. Ein Problem in der Benutzerregistrierung war wohl der Auslöser für dieses Sicherheitsupdate. Ein paar Bugfixes wurden in 2.6.2 auch noch vorgenommen. Ein Update sei also jedem empfohlen.Infos: WordPress 2.6.2 [...]

    Pingback from My Habari :: WordPress 2.6.2 - Sicherheitsupdate on July 10, 2009

  349. [...] STORIES THAT WERE DISCUSSED – How Portable Is Your Blog Transforming Your Blog Into A Really Big Business All Bloggers Are Not Alike Here’s How Affiliate Marketing Works BloggingTips Blog Directory Returns WordPress 2.6.2 Released [...]

    Pingback from Perfcast Episode 3 – Patriot Edition : Performancing on July 11, 2009

  350. [...] WordPress 2.6.2 was released due to a weakness that has been discovered in something known as mt_rand(). WordPress 2.6.2 is a critical release for those of you who allow open registration on your blog. Here is the reason why: With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password. [...]

    Pingback from WordPress 2.6.2 Released : Performancing on July 11, 2009

  351. [...] Und weiter geht es mit dem nervigen Updates von WordPress, denn mittlerweile wurde WordPress in der Version 2.6 veröffentlicht. [...]

    Pingback from WordPress 2.6.2 ist verfügbar » Version, Probleme, WordPress, Fehler, Trac, Kelinigkeit » fgBlog.de on August 2, 2009

  352. [...] ukazała się wersja WordPress oznaczona numerem 2.6.2. Doszło kilka nowych, ciekawych funkcji oraz poprawiono bezpieczeństwo. Jeśli ktoś nie [...]

    Pingback from LUKACIJEWSKA.PL » Blog Archive » Moi drodzy on August 15, 2009

  353. [...] blog memember pon tak sempat. Lepas raya kot aku tak seberapa bz sangat. Sesambil aku hapdet ke WP 2.6.2, aku nak gak prmote C.S.O ( Crazy Shooter Online ). Game nie sebijik macam Counter-Strike. Sebelum [...]

    Pingback from C.S.O Crazy Shooter Online » BlogSempoi.Com on September 18, 2009

  354. [...] cierto… ¿ya estás enterado de la salida de WordPress 2.6.2, [...]

    Pingback from Enredando socialmente tu WordPress « Los temas del Pelado on September 29, 2009

  355. [...] Update Manager 11 Updates sieht, sehe ich, dass es eine neue WordPress Version gibt. Es ist die 2.6.2. Neben ein paar Fehlern wurde ein, meiner Meinung nach, schwerwiegender Fehler beseitigt, welcher [...]

    Pingback from WordPress 2.6.2 – Sicherheitsrelease » Exploit, Release, Sicherheit » ocean90s weblog on October 11, 2009

See Also:

For more WordPress news, check out the WordPress Planet.

There’s also a development P2 blog.

To see how active the project is check out our Trac timeline, it often has 20–30 updates per day.

Categories

%d bloggers like this: