2010年2月17日,wordpress 2.9.2升级版本发布,按照官方blog说法,还是一个安全的升级,建议大家升级。
Thomas Mackenzie alerted us to a problem where logged in users can peek at trashed posts belonging to other authors. If you have untrusted users signed up on your blog and sensitive posts in the trash, you should upgrade to 2.9.2. As always, you can visit the Tools->Upgrade menu to upgrade.
今天看到wordpress 2.9发布,简单来说,这个版本号增加了对于图片和视频更好的支持。目前来说视频已经成为blog内容中不可缺少的素材,blog之神作wordpress自然立马跟上。
升级到wordpress 2.9,基本正常,除了我非常喜欢和习惯的simple tag插件不能使用了这个小小的遗憾以外,希望作者尽快可以推出更新版本。
据说wordpress 2.9对于速度方面也提升了一些,慢慢体会了。
火星了,今天才看到,wordpress 2.8.5 发布了。在wordpress 2.9之前的一个小小的升级版本,主要是:
* A fix for the Trackback Denial-of-Service attack that is currently being seen.
* Removal of areas within the code where php code in variables was evaluated.
* Switched the file upload functionality to be whitelisted for all users including Admins.
* Retiring of the two importers of Tag data from old plugins.
建议大家及时用wp后台自动升级。
建议大家尽快升级wordpress到2.8.4,因为wordpress 2.8.4 修复了一处可能造成管理员密码泄露的安全漏洞。
wordpress官方介绍如下:
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
这么会发布的wordpress 2.8.3主要是修复了一些安全方面的问题,wordpress官方的说明如下:
Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. Several folks in the community dug deeper and discovered areas that were overlooked. With their help, the remaining issues are fixed in 2.8.3. Since this is a security release, upgrading is highly recommended. Download 2.8.3, or upgrade automatically from your admin.
看来开发者在2.8.1的时候遗漏了一些必须要解决的安全问题,所幸,wordpress社区发现了这个问题,因为这个版本是关于安全方面的问题的,所以强烈建议大家升级。
最近,wordpress 的升级步伐也太快了吧,今天看到后台说 wordpress 2.8.2 已经可以升级了。去官网看了一下,这次的升级功能倒是简单:
WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site.
大致意思是修复了一个后台管理的安全性错误,我也不是很清楚什么是XSS,呵呵。
对于我来说,这是一个值得高兴的日子,对于很多人来说,20万流量并不是一个很大的数字。从我将blog命名为创意纪然后搬迁到mediatemple之后,到现在约两年的时间,这个20万是一个小小的里程碑。
我比较自信的认为,接下来的20万不需要两年这么久了。
坚持一件事情,就当是自我享受吧。换来换去,换了很多域名和托管,还是可惜以前的很多文章消失无踪了,7年的blog到现在,很辛苦,很有趣。看那些评论,然后认真的回复。无聊的时候折腾一下版式,找一些插件,以及伴随着wordpress不停的升级。喜怒哀乐,都在这里,用明显或者不明显的文字,记录着,宣泄着。
两年里,流量最高的文章分别是:
1 2009美剧推荐
5 SQlite介绍
2009年7月9日,wordpress 2.8.1 发布,该版本的主要特性如下,详情可以看这里,可以通过wordpress后台自动更新,或者下载更新:
* Certain themes were calling get_categories() in such a way that it would fail in 2.8. 2.8.1 works around this so these themes won’t have to change.
* Dashboard memory usage is reduced. Some people were running out of memory when loading the dashboard, resulting in an incomplete page.
* The automatic upgrade no longer accidentally deletes files when cleaning up from a failed upgrade.
* A problem where the rich text editor wasn’t being loaded due to compression issues has been worked around.
* Extra security has been put in place to better protect you from plugins that do not do explicit permission checks.
* Translation of role names fixed.
* wp_page_menu() defaults to sorting by the user specified menu order rather than the page title.
* Upload error messages are now correctly reported.
* Autosave error experienced by some IE users is fixed.
* Styling glitch in the plugin editor fixed.
* SSH2 filesystem requirements updated.
* Switched back to curl as the default transport.
* Updated the translation library to avoid a problem with mbstring.func_overload.
* Stricter inline style sanitization.
* Stricter menu security.
* Disabled code highlighting due to browser incompatibilities.
* RTL layout fixes.
最新评论