2010年2月17日,wordpress 2.9.2升级版本发布,按照官方blog说法,还是一个安全的升级,建议大家升级。
Thomas Mackenzie alerted us to a problem where logged in users can peek at trashed posts belonging to other authors. If you have untrusted users signed up on your blog and sensitive posts in the trash, you should upgrade to 2.9.2. As always, you can visit the Tools->Upgrade menu to upgrade.
今天看到wordpress 2.9发布,简单来说,这个版本号增加了对于图片和视频更好的支持。目前来说视频已经成为blog内容中不可缺少的素材,blog之神作wordpress自然立马跟上。
升级到wordpress 2.9,基本正常,除了我非常喜欢和习惯的simple tag插件不能使用了这个小小的遗憾以外,希望作者尽快可以推出更新版本。
据说wordpress 2.9对于速度方面也提升了一些,慢慢体会了。
火星了,今天才看到,wordpress 2.8.5 发布了。在wordpress 2.9之前的一个小小的升级版本,主要是:
* A fix for the Trackback Denial-of-Service attack that is currently being seen.
* Removal of areas within the code where php code in variables was evaluated.
* Switched the file upload functionality to be whitelisted for all users including Admins.
* Retiring of the two importers of Tag data from old plugins.
建议大家及时用wp后台自动升级。
建议大家尽快升级wordpress到2.8.4,因为wordpress 2.8.4 修复了一处可能造成管理员密码泄露的安全漏洞。
wordpress官方介绍如下:
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
这么会发布的wordpress 2.8.3主要是修复了一些安全方面的问题,wordpress官方的说明如下:
Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. Several folks in the community dug deeper and discovered areas that were overlooked. With their help, the remaining issues are fixed in 2.8.3. Since this is a security release, upgrading is highly recommended. Download 2.8.3, or upgrade automatically from your admin.
看来开发者在2.8.1的时候遗漏了一些必须要解决的安全问题,所幸,wordpress社区发现了这个问题,因为这个版本是关于安全方面的问题的,所以强烈建议大家升级。
最近,wordpress 的升级步伐也太快了吧,今天看到后台说 wordpress 2.8.2 已经可以升级了。去官网看了一下,这次的升级功能倒是简单:
WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site.
大致意思是修复了一个后台管理的安全性错误,我也不是很清楚什么是XSS,呵呵。
2009年7月9日,wordpress 2.8.1 发布,该版本的主要特性如下,详情可以看这里,可以通过wordpress后台自动更新,或者下载更新:
* Certain themes were calling get_categories() in such a way that it would fail in 2.8. 2.8.1 works around this so these themes won’t have to change.
* Dashboard memory usage is reduced. Some people were running out of memory when loading the dashboard, resulting in an incomplete page.
* The automatic upgrade no longer accidentally deletes files when cleaning up from a failed upgrade.
* A problem where the rich text editor wasn’t being loaded due to compression issues has been worked around.
* Extra security has been put in place to better protect you from plugins that do not do explicit permission checks.
* Translation of role names fixed.
* wp_page_menu() defaults to sorting by the user specified menu order rather than the page title.
* Upload error messages are now correctly reported.
* Autosave error experienced by some IE users is fixed.
* Styling glitch in the plugin editor fixed.
* SSH2 filesystem requirements updated.
* Switched back to curl as the default transport.
* Updated the translation library to avoid a problem with mbstring.func_overload.
* Stricter inline style sanitization.
* Stricter menu security.
* Disabled code highlighting due to browser incompatibilities.
* RTL layout fixes.
有好几位朋友报告在ie或者myie之类,看本站的时候,google广告会漂浮在文字中间,影响阅读。因为平时用ie不多,在ie8下面倒是测试过,内有什么问题。在firefox和safari下也是完全正常。估计可能是我用的wordpress中的显示google广告的插件本身或者设置有问题。我做了一点小的调整,如果原来看出来广告显示有问题的朋友,麻烦留言告知是否问题解决以及所用ie版本,谢谢!
最新评论