Pinoy Problogger

The Pinoy Bloggers’ Guide to Professional Blogging and Blog Monetization.

Wordpress 2.3.2 now available

WordPress 2.3.2 is an urgent security release that fixes a bug that can be used to expose your draft posts. 2.3.2 also suppresses some error messages that can give away information about your database table structure and limits and stops some information leaks in the XML-RPC and APP implementations. Get 2.3.2 now to protect your blog from these disclosures.

As a little bonus, 2.3.2 allows you to define a custom DB error page. Place your custom template at wp-content/db-error.php. If WP has a problem connecting to your database, this page will displayed rather than the default error message.

For more detail on what’s new in 2.3.2, view the list of fixed bugs and see the changes between 2.3.1 and 2.3.2.

Special thanks to Alex Concha for his help on this release.

Download Wordpress 2.3.2 now


WordPress 2.3.2 has been released and includes a number of changes including one security fix, here is a list of most of the changes in detail:

* Performance improvements for post sanitization when raw content is required (#5325).
* Changes to is_admin() to ensure that it is only true for admin pages thereby protecting against exposing draft posts. (#5487).
* Suppression of database errors unless WP_DEBUG is true (#5473).
* Check for valid database connection information during install and display and error if the install fails due to database rights (#5495).
* Support for a custom database down page to be displayed on database connection errors (#5500).
* Changes to make sure we are more selective in what we make clickable, this introduces different rules for different uri types ([6450]).
* Changes to wp-mail.php to escape the error messages when displaying them to avoid a possible XSS attack (#5484).
* Changes to ensure that the post password is only exposed by the xmlrpc method metaWeblog.getRecentPosts to users with rights to edit a post (#5535).
* Changes to the information exposed the wp.getAuthors xmlrpc method to reduce the information exposed and add a capabilites check (#5534).
* Addition of extra capabilites checks to xmlrpc methods ([6504]).
* Addition of extra capabilites checks to APP server ([6508]).
* Changes to validate_file() to improve its traversal attempt detection when running on windows ([6521]).

If you enjoyed this post, please consider to leave a comment or subscribe to the feed and get future articles delivered to your feed reader.

Powered by Wordpress | WP Premium theme by WP Remix
Copyright 2007. Pinoy Problogger. All rights reserved

• Home
• About Pinoy Problogger