WordPress.org

Ready to get started?Download WordPress

Forums

WORDPRESS 2.3.3 IS AVAILABLE!!!! (79 posts)

  1. whooami
    Member
    Posted 6 years ago #

    Here is a list of changed files:

    wp-includes/version.php
    wp-includes/pluggable.php
    wp-includes/gettext.php

    wp-admin/install-helper.php

    xmlrpc.php

    I noticed that the xmlrpc.php is up for grabs all by its lonesome over here too > http://wordpress.org/development/2008/02/wordpress-233/

  2. whooami
    Member
    Posted 6 years ago #

    also, if you want just the changed files, in a zip ..Ive made a zip available on my site --

    http://www.village-idiot.org/archives/2008/02/04/wordpress-2-3-3/

  3. 14words
    Member
    Posted 6 years ago #

    Bugger... Now I have to update 5 sites :(

    Better safe then sorry I guess.

  4. whooami
    Member
    Posted 6 years ago #

    Better safe..

    Much.

  5. motocafe
    Member
    Posted 6 years ago #

    Is there a summary of the changes (not just the changed files)? Seems like there should be a "News" category on this site...

  6. 14words
    Member
    Posted 6 years ago #

    Seems to be a major security fix!

    WordPress 2.3.3 is an urgent security release. A flaw was found in our XML-RPC implementation such that a specially crafted request would allow any valid user to edit posts of any other user on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can get the entire release here.

  7. Chris_K
    Member
    Posted 6 years ago #

    @motocafe: Check the "blog" link at the top of every page (also in your WP Dashboard page).

  8. Charles Frees-Melvin
    Member
    Posted 6 years ago #

    *3780 gettext fails to determine byteorder on 64bit systems with php5.2.1
    *5273 some registration emails fail in 2.3.1 b/c of "callout verification"
    *5090 maybe_create_table call to config.php issue.

    In addition to the xmlrpc issue.

  9. projectego
    Member
    Posted 6 years ago #

    Upgraded all of my sites to the latest available version and everything is working like a charm. :)

  10. pioneerdany
    Member
    Posted 6 years ago #

    after updating the permalinks "Date and name based" are not functioning. I had to switch to "Default"

  11. Frewfrux
    Member
    Posted 6 years ago #

    The last time I upgraded I lost all the customization I had made to my theme. Even trying to restore from my backup did not restore the modified files.

    Is there anything different about this upgrade from the last one that deleted weeks worth of work?

  12. Charles Frees-Melvin
    Member
    Posted 6 years ago #

    just upload the changed files mentioned above.

  13. Chris_K
    Member
    Posted 6 years ago #

    Frewfrux: This might seem overly obvious in hindsight, but don't change the "Default" theme. If that's your base, make a copy of it in a sep. theme directory and work from there. That way, updates to Default won't impact you.

  14. Paul
    Member
    Posted 6 years ago #

    If I've got a blog on 2.2.2 (for plugin reasons) do I need to update that one as well? What release is vulnerable?

  15. moshu
    Member
    Posted 6 years ago #

    Usually, EVERY earlier release is vulnerable.

  16. Frewfrux
    Member
    Posted 6 years ago #

    Heh, yeah...Hindsight is 20/20. From the looks of it I can just update specific files. The last update I did was from one version of WordPress to another, so that wasn't an option.

  17. LisaRenee777
    Member
    Posted 6 years ago #

    After doing this upgrade images that previously were on my blog in the side bar and for my template are now not showing on the blog. They still exist where they were located previously but do not show for some reason.

  18. JenRed
    Member
    Posted 6 years ago #

    Am I right in thinking that if I am the only person authorised to post on my blog then I don't need this upgrade?

    "a specially crafted request would allow any valid user to edit posts of any other user on that blog"

    My site is at http://www.jenleheny.com

  19. whooami
    Member
    Posted 6 years ago #

    LisaRenee777,

    thats completely useless information, given that we do not what version you upgraded from.

    To everyone:

    The changes from 2.3.2 to 2.3.3. were miniscule

    1. there was one one number changed inside version.php,

    2. there was one line having to do with mail added inside pluggable.php

    3. there was one path adjustment made inside install-helper.php, that only impacts installs and locating wp-config.php

    4. there was one change to one line inside gettext.php that fixes a bug with byteordering.

    5. Lots was changed inside xmlrpc.php, that addresses remote posting and permissions.

    In other words, NOTHING in those 5 files ought to be breaking your blog, if this is just an upgrade form 2.3.2 to 2.3.3 (which it ought to have been if youre a responsible web master) -- it just wasnt that complicated of a change. :|

    This is such a pathetically simple upgrade...

    If youre having trouble, then it *might* be easier to figure out whats going on if you actually provided the version number you upgraded from. And maybe even easier, if you actually started your own thread, so people could adresss one problem at a time in one thread at a time. (thats JUST a suggestion).

  20. whooami
    Member
    Posted 6 years ago #

    JenRed,

    No, you are not. Do you allow registrations? Anyone that registers is valid.

    I looked, you dont allow registrations, so no, youre not necessarily baiting an exploit if you left things as is, but really whats the big deal?

    What IF you want to allow registrations later? its 5 files. :(

  21. LisaRenee777
    Member
    Posted 6 years ago #

    whooami...it may be completely useless but that's exactly what happened. The image for template and an image in the sidebar no longer show but are still present in the template and in the widget. Nothing was changed/modified/etc with the exception of doing the upgrade from 2.3.2 to 2.3.3.

    Which is why I came here and posted...It did not make sense. My test site with the same template/image is working properly and it has not been upgraded to the 2.3.3 it is still 2.3.1.

    http://lisarenee.glasscityjungle.com/ - test site

    http://glasscityjungle.com/wordpress - real site

  22. whooami
    Member
    Posted 6 years ago #

    read what I said -- I said its useless because you didnt initially indicate what you version you were using prewiously. Im not interested in getting into a p*ssing match, but you must realize that there are 1000's of ppl upgrading their installs, and without knowing where you started, what you say after, is meaningless.

    NOW that we know you started with 2.3.2 .. so now its something that can be looked at.

  23. linushenning
    Member
    Posted 6 years ago #

    HELP!

    After installing 2.3.3 the text in my header image disappeared. It used to say the name of the blog, but now it is blank. How do I fix this?

  24. LisaRenee777
    Member
    Posted 6 years ago #

    whooami - I was admitting what I provided was probably useless. Expecting you to be a mind reader is not realistic. But thank you in advance for any assistance/information/advice you can provide.

  25. JenRed
    Member
    Posted 6 years ago #

    Thanks whooami for your answer and for your zip file of just the 5 changed files. :)

    http://www.village-idiot.org/archives/2008/02/04/wordpress-2-3-3/

  26. ideator
    Member
    Posted 6 years ago #

    I am getting sick and tired for having to upload a new version so often. Can't you people get it right? Or at least invent a tool to make the upgrades less painful. And another note since I'm venting: WordPress is great as blog software but it is not good forum software.

  27. Chris_K
    Member
    Posted 6 years ago #

    WordPress isn't forum software. Nor is it meant to be.

  28. Sridhar Katakam
    Member
    Posted 6 years ago #

    ideator: I don't think using a FTP client to upload (overwrite) 5 files is "painful".

  29. Skolo
    Member
    Posted 6 years ago #

    404 NOT FOUND Error

    How Do I fix this?
    I upgraded from 2.3.1 to 2.3.3 and all my stuff seems gone. Backed up database and retrieved it successfully but can't access my blog or wp-admin dashboard. Received this message:

    Warning: main(/home/videvcom/public_html/vlog/wp-includes/compat.php) [function.main]: failed to open stream: No such file or directory in /home/videvcom/public_html/vlog/wp-settings.php on line 117

    Warning: main(/home/videvcom/public_html/vlog/wp-includes/compat.php) [function.main]: failed to open stream: No such file or directory in /home/videvcom/public_html/vlog/wp-settings.php on line 117

    Fatal error: main() [function.require]: Failed opening required '/home/videvcom/public_html/vlog/wp-includes/compat.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/videvcom/public_html/vlog/wp-settings.php on line 117

  30. maDCap
    Member
    Posted 6 years ago #

    Just my two cents for what it's worth:

    If the choice is between less frequent upgrades and waiting longer for the slight tweaks and improvements on the one hand and more frequent upgrades and having each slight tweak available the minute it's ready on the other hand, I opt for the former.

    Some folks may not find it a pain to upgrade, but I do, and ignoring the upgrade means putting up with those messages all over the place alerting everyone to the new upgrade.

    This latest upgrade (2.3.3) doesn't even let us know what the upgrade is for. For all we know, the upgrade does nothing more than fix a bug that allows the possibility someone might see draft versions of posts. I, for one, wouldn't even care about that, as even my drafts are profound.

    Just kidding, of course, but, perhaps it would be possible to allow us to turn off the notices of the new upgrades, at least?

    In any case, WordPress is not only awesome, it's free, so please take this only as a friendly suggestion, and thanks for a great product and all y'all's hard work.

    Craig

Topic Closed

This topic has been closed to new replies.

About this Topic