WordLog

A weblog authored by Carthik about the latest in the WordPress world.

Thursday, May 17, 2007

WordPress 2.2 “Getz” Security Upgrade

Filed under: — Carthik @ 6:13 pm

I had written in the post describing 2.2’s arrival that there was no mention, and it wasn’t clear from the WordPress bug tracker whether 2.2 included any security updates.

The recently married Mark has left us a comment saying WordPress 2.2 Getz includes some security fixes. As with all upgrades that include security fixes, you are encouraged to upgrade to this release as soon as you can. You don’t want any holes, big or small, in your WordPress blog. The reason I upgraded WordLog and resumed posting is that someone used a hole in the old, un-upgraded version to upload copies of movies, including Hannibal Returns, to my VPS. Yes, it can get that ugly! So upgrade now.

24 Comments

  1. Well, if hacking your site was necessary to get your writing about WordPress again, then I am thankful to whoever did it ;-)

    Comment by Lloyd Budd — 5/17/2007 @ 6:28 pm

  2. Interesting that in his blog, Mark supposedly has written the following:

    “I’ll have upgrade files for 2.0.11 once it is released, and if 2.2 sees any security/bugfix releases, I’ll do upgrade files for those too.”
    Source =
    http://markjaquith.wordpress.com/2007/05/16/use-official-packages-for-22/

    Comment by Niko Neugebauer — 5/17/2007 @ 6:34 pm

  3. [...] upgrade the wordpress, i have noticed a new article at the Wordpress dashboard, referring the security fixes that the new Wordpress version [...]

    Pingback by As good as Wordpress “Getz” — 5/17/2007 @ 6:50 pm

  4. Wow.. it’s hard for me to upload files again. Can you give me some information on which impotent file I must upload?

    Comment by Belajar WordPress — 5/17/2007 @ 9:01 pm

  5. [...] updated release has some security fixes. There are also three useful improvements for customizers. The most exciting of these is the [...]

    Pingback by La domo de karotoj » WordPress 2.2 — 5/17/2007 @ 10:14 pm

  6. “He said ‘impotent file’ heh, heh.”

    “Shut up Beavis.”

    ;)

    Comment by Chris Wondra — 5/17/2007 @ 11:35 pm

  7. :)

    Upgrading/moving sites – NOT fun.

    Comment by Carthik — 5/17/2007 @ 11:56 pm

  8. Belajar, maybe you should think of moving to a host, or requesting ssh access on your current host. It is a lot easier and takes a lot less time to upgrade/manage your site with ssh access.

    Comment by Carthik — 5/17/2007 @ 11:57 pm

  9. Thanks for letting us know, do you know if there are any security holes in 2.0.10? or were the fixes specific to the 2.1 series ?

    Comment by Nick — 5/18/2007 @ 4:59 am

  10. Upgrading is pretty easy Belajar. You should be able to download the newest wordpress and upload over your old wordpress. (I’d make a copy just in case.)

    I keep waiting for wordpress to have an automatic update feature… =)

    Comment by NDDB — 5/18/2007 @ 5:44 am

  11. I run a server with about a dozen WordPress blogs, and the ones that are running 2.1.3 won’t come up. The front page won’t come up, but individual posts (if you know their URL) and the admin pages will.

    I’m not sure if this is related to something wacky on the server or not. OTHER versions of WP, (2.2 and not recently updated 2.05) DO come up just fine.

    Comment by Walt — 5/18/2007 @ 8:28 am

  12. Walt,

    Sounds like there might be a broken plug-in that’s called only on the front-page of the blogs, or maybe some broken main page template code that doesn’t affect the individual post pages.

    Comment by Geren — 5/18/2007 @ 8:35 am

  13. First step, turn off all plugins. Site comes up fine. Turn on Akismet again, the front page of the site won’t load. I’m trying to repeat this.

    Apologies to vent here.

    I’ll be updating the WP to the latest version, but I’m trying to figure out what is wrong before I do that.

    Comment by Walt — 5/18/2007 @ 8:43 am

  14. Okay, updating didn’t help, so I know it’s not wordpress, nor a hack.

    I think the issue was something to do with the server. Well, since **I’m** the server guy, too, it’s not like I can complain. Apparently, there was a kernel upgrade on Apache? I updated that, rebooted the server and all looks right with the world. CentOS

    But why on earth would only some installs of WP be affected? That’s so weird!

    Figured I’d post this here. I’ll continue to test and may post again.

    Comment by Walt — 5/18/2007 @ 10:24 am

  15. To the guy having problems…. I installed both upgrades – 2.2 RC1 and this one and both times I had issues with there being an error page or something coming up. I think at times some files stop uploading briefly and instead of finishing, moves on to the next file so there may be a file or two you have to upload again.

    Comment by Derek Burress — 5/18/2007 @ 11:32 pm

  16. Upgrading from the command line, using ssh or rsync is probably best for those who have an ssh login at their host.

    Comment by Carthik — 5/19/2007 @ 2:39 am

  17. Yes, upgrade now, but you see there are some minor glitches that may keep webmasters back from upgrading. If you want to upgrade though, I have written a guide for upgrading to WordPress 2.2. It’s pretty straightforward and contains images along with the instructions.

    Comment by Pufone — 5/19/2007 @ 8:28 am

  18. “The reason I upgraded WordLog and resumed posting is because someone used a hole in the old, un-upgraded version to upload copies of movies, including Hannibal Returns to my VPS.”

    Did you alarm about that before WP 2.2 was released?

    Comment by Truden — 5/19/2007 @ 2:10 pm

  19. Truden,

    I upgraded to 2.1.something when I had the issue.

    Comment by Carthik — 5/19/2007 @ 3:40 pm

  20. “Thanks for letting us know, do you know if there are any security holes in 2.0.10? or were the fixes specific to the 2.1 series ?”

    Some of the holes in 2.1.3 were also in 2.0.10. These fixes have been applied to /branches/2.0/ and we should be releasing 2.0.11 soon. If you can’t wait, you can use Subversion to check out the in-progress version of 2.0.11 from that 2.0 branch. The only way it’ll be updated is if there is an issue with our current changes or if an additional security issue comes to light in the next few days.

    Comment by Mark Jaquith — 5/19/2007 @ 4:52 pm

  21. I’m a little surprised that so few files had any major changes. Using WinMerge I like to look and see what each update entails and there were a lot less than I had guessed.

    Interesting post nonetheless about security upgrades.

    ~ Jared Ritchey

    Comment by Jared Ritchey — 5/19/2007 @ 11:31 pm

  22. “Some of the holes in 2.1.3 were also in 2.0.10”

    Thanks for the update :)

    Comment by Nick — 5/20/2007 @ 8:14 am

  23. I have upgraded my site to WP version 2.2. However, after the upgrade, I realised I could not upload files from the Admin Panel itself. I wonder what could have gone wrong?

    Comment by Keith — 5/23/2007 @ 12:23 am

  24. WP 2.2 has a bug… “I can’t add new categories” .. Forbidden
    You don’t have permission to access……help!

    Comment by zoel — 5/23/2007 @ 5:03 am
