Wordpress Update 2.8.6

November 14, 2009 | By eric | 3 Comments »

Just a quick update here.

This new version of Wordpress is not showing on my dashboard yet and probably not even on your site as well. I think this is a record breaker version also for the fastest security update since the previous version (23 days after the 2.8.5 upgrade).

It is always recommended to update to a new version of Wordpress as soon as possible and especially so for a security release .

This update fixes two security problems.

1. XSS vulnerability in Press This.

2. Sanitizing uploaded file names that can be exploited in certain Apache configurations.

Is this version really for you?

Here’s the straight fact: If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.

Really it’s up to you. This update was really unexpected.

There’s no harm in upgrading, though.

Related Posts:

Tagged: wordpress update
Category: Blogging, Webhosting, wordpress

RSS feed | Trackback URI

3 Comments »

Comment by TheFlyOnTheWall

2009-11-16 11:31:00

I tried the update with the automatic button and got errors. So I researched the problem and it seems a lot of people are getting errors and having problems. And if they do get it updated there still seems to be flaws. I think I will wait a while

Reply to this comment

Comment by Holly Jahangiri

2009-11-24 11:17:34

I have tried the update twice, unsuccessfully. It corrupted my blog, and I had to restore the files. I think I’ll skip this one and hope the next update comes out cleaner.

Reply to this comment