WordPress releases 2.0.7; Security Bugs squashed

WordPress

The WordPress team has just released WordPress 2.0.7.

It fixes a PHP security problem. This problem effects only certain versions of PHP. It also fixes the Feedburner issue I reported earlier.

If you haven’t upgraded to even 2.0.6, I recommend that you upgrade your blog ASAP, because all versions prior to 2.0.6 have a big security bug.

If you are already running 2.0.6, then you only need to upload these files:

  • wp-admin/inline-uploading.php
  • wp-admin/post.php
  • wp-includes/classes.php
  • wp-includes/functions.php
  • wp-settings.php
  • wp-includes/version.php

Changes since 2.0.6 from the dev-blog:

  • Security fix for wp_unregister_GLOBALS() to work around the zend_hash_del_key_or_index bug in PHP 4 versions less than 4.4.3 and PHP 5 versions less than 5.1.4 with register_globals set to "On".
  • Feeds now properly serve 304 Not Modified headers instead of mismatched 200/304 headers (a.k.a. the FeedBurner bug).
  • Backport of another 304 Not Modified fix from WordPress 2.1
  • Deleting WordPress Pages no longer gives an "Are You Sure?" prompt.
  • After deleting a WordPress Page, you are now properly redirected to the Edit Pages screen.
  • Sending an image at original size in Internet Explorer no longer adds an incorrect height attribute.

Like I stated, please do upgrade your version of WordPress ASAP to ensure that you blog is safe and secure.

Leave a Reply

%d bloggers like this: