WordPress 2.0.7

Posted January 15, 2007 by Mark Jaquith. Filed under Releases, Security.

Recently a bug in certain versions of PHP came to our attention that could cause a security vulnerability in your blog. We’re able to work around it fairly easily, so we’ve decided to release 2.0.7 to fix the PHP security problem and the Feedburner issue that was in 2.0.6. It is recommended that everyone running WordPress 2.0.6 or lower upgrade to this new version.

Because this is a much smaller update than previous versions, you do not have to update all of WordPress’ files if you’re upgrading from version 2.0.6. Here is the list of files that have changed since 2.0.6:

  • wp-admin/inline-uploading.php
  • wp-admin/post.php
  • wp-includes/classes.php
  • wp-includes/functions.php
  • wp-settings.php
  • wp-includes/version.php

We know it sucks to have a release only 10 days after our last one, but we think it’s important enough for your blog to be secure to do it, and hopefully only having to change a few files will make the upgrade easier than normal.

Here are the changes that have been made since 2.0.6:

  • Security fix for wp_unregister_GLOBALS() to work around the zend_hash_del_key_or_index bug in PHP 4 versions less than 4.4.3 and PHP 5 versions less than 5.1.4 with register_globals set to “On.”
  • Feeds now properly serve 304 Not Modified headers instead of mismatched 200/304 headers (a.k.a. the FeedBurner bug).
  • Backport of another 304 Not Modified fix from WordPress 2.1
  • Deleting WordPress Pages no longer gives an “Are You Sure?” prompt.
  • After deleting a WordPress Page, you are now properly redirected to the Edit Pages screen.
  • Sending an image at original size in Internet Explorer no longer adds an incorrect “height” attribute.

And just as a reminder, the next major version of WordPress (2.1) is due out by the end of the month, but the 2.0 branch of WordPress will continue to be maintained for several years.

No Pings

RSS feed for comments on this post.

  1. […] questo “appunto” sottolineato dagli sviluppatori di WordPress: entro la fine del mese, dovrebbe vedere la […]

    Pingback from Aggiornamento a WordPress 2.0.7 on June 29, 2008

  2. […] — roidtw @ 23:32 我原來還以為 WordPress 會從 2.0.6 直接跳到 2.1 , 沒想到 2.0.7 還是出來了… 改的檔案不多(只有 6 個檔案), 主要是針對 php […]

    Pingback from WordPress 2.0.7 « roid in TW on February 3, 2009

See Also:

For more WordPress news, check out the WordPress Planet.

There’s also a development P2 blog.

To see how active the project is check out our Trac timeline, it often has 20–30 updates per day.


%d bloggers like this: