WordPress.org

Forums

[resolved] Where is the security announcement? (7 posts)

  1. solutionsphp
    Member
    Posted 8 years ago #

    I read about a new security vulnerability in WordPress:
    http://www.gentoo.org/security/en/glsa/glsa-200606-08.xml

    I see that 2.0.3 has been released with a fix, but where is the annoucement about this security issue? I've looked on wordpress.org, the doc wiki, the forums, and can't find an official notification. I am subscribed (2 different email addresses) to the WP announcement mailing list, but I've never received any email from that list ( with NO server side spam filtering).

    Did WordPress notify users? If so, can someone please point me in the direction of this notification?

    Also, has a fix for v. 1.5.3-1beta been provided?

    TIA!
    SAM :)

  2. virtuallynicky
    Member
    Posted 8 years ago #

    I got notified by my dashboard of the release.. but don't know what the security issue was, if that is what you mean?

  3. solutionsphp
    Member
    Posted 8 years ago #

    Ah ha! I just found it on the WP blog:
    http://wordpress.org/development/2006/06/wordpress-203/

    Wow, more than 10 days ago! I need to find more time to read feeds.

    Is it true that this vulnerability only affects blogs where users can register?

    Is it true that you need to install a plugin to fix other bugs this upgrade introduces?
    http://txfx.net/code/wordpress/wordpress-203-tuneup/

    Is WP planning a consolidated 2.0.4 release that fixes these new bugs? (If so, I will wait for this.)

    Has anyone had a look at how this bug can be remedied in 1.5.3-1beta?

    I found it earlier but can't find it now: where is the list of changed files in the new 2.0.3 release?

    Thanks again!
    SAM :)

  4. solutionsphp
    Member
    Posted 8 years ago #

    Thanks! I'm using dashlite on all my sites to speed up the admin, so I do not get feeds on my dash.

  5. Bhoney
    Member
    Posted 8 years ago #

    I found out via WordPress planet which I visit daily.Something should be added to the forums though.Who really visits those other sites?

  6. Nazgul
    Member
    Posted 8 years ago #

    And I think this blog post answers some of your questions.

  7. solutionsphp
    Member
    Posted 8 years ago #

    Thank you for the link! I will upgrade a couple of my 1.5.3-1beta sites to 2.0.3, test them out and go from there.
    http://codex.wordpress.org/Upgrading_WordPress#Detailed_Upgrade_Instructions_for_1.5.x_to_2.0.2_and_2.0_to_2.0.2

Topic Closed

This topic has been closed to new replies.

About this Topic