RELEASE – WordPress 2.8.6 with Security Fixes

WordPress has released WordPress 2.8.6 which is a security release. Last month they released WordPress 2.8.5 which was also a security release. Wordpress : Popular Blogging Platform

As per the release note from WordPress team,

 

2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch.  The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations.

If your WordPress users data is having some untrusted authors on your blog then you must upgrade your WordPress installation to the latest version. WordPress 2.9 is expected to release by end of this month or in early December 2009.

Download WordPress 2.8.6 or Upgrade Automatically thru Dashboard

We strongly recommend every wordpress user to upgrade their version to the latest one. WordPress is now a popular blogging platforms and very much secured. WordPress team is working really hard to cover-up any security fixes and that’s why you are seeing two updates in last two months. 

Sanjeev Mishra is a professional blogger and an Internet Marketing Consultant based in India. He has built the Internet Techies to provide you updates in technology and web application area.

9 Comments

  1. Keith Davis

    November 13, 2009 at 2:04 am

    Hi Sanjeev
    The news is travelling across the internet… 2.8.6 is out.
    I appreciate that this is all about security, but two releases in a month!

    Do you think that this will be the final revision fopr 2.8?

  2. Sanjeev Mishra

    November 13, 2009 at 3:12 am

    Hi Keith,
    Yes, 2.8.6 is out now and as this is a security update which really came as an emergency update as well. WordPress always keeps track of its updates thru tracker where nothing was scheduled as 2.8.6 but since some folks reported issues with multi author thing, then WordPress team started working on it on high priority and released this update in hurry. Hope not to get more updates in 2.8 series and to get 2.9 as the next release (condition – none of the high priority issues reported in between)

  3. Yohan Perera

    November 13, 2009 at 8:07 am

    Hi Sanjeev,

    Thanks for the news. I have a problem. My WordPress dashboard isn’t indicating that there’s an update. What shall I do? Thanks in advance…

  4. Yohan Perera

    November 13, 2009 at 8:26 am

    Hmmmmmmm, may there was little delay at wordpress.org

    The nag screen appeared in my dashboard few seconds later posting the above comment.

    May be it was something to do with my plugins. The dashboard started nagging me after deactivating all the plugins. I upgraded to the latest version and then reactivated my plugins.

  5. Sahil Kotak

    November 13, 2009 at 1:00 pm

    Just upgraded to it before few hours as my blog is also a multi-author. :)

  6. Sanjeev Mishra

    November 13, 2009 at 1:33 pm

    Hi Yohan,
    This is not related with plugins. Actually every installation of WordPress has its own update cycle of 12 hours. Your installation is having a bit late update cycle where the wordpress installations gets update notification from its SVN server. This update process repeats after 12 hours but the time is set to different for each installation. That’s why your dashboard notifies a bit late which is nothing but a response of late cycle time of your installation.

    Same is the case with update notification for plugins in wordpress. I really appreciate your efforts on virtualpreacher.

  7. Sanjeev Mishra

    November 13, 2009 at 1:35 pm

    Hi Sahil, I was not aware that sahilkotak is a multi-author blog, this Update is exactly for the same kind of platform like your blog.

  8. George Serradinho

    November 13, 2009 at 6:07 pm

    I have upgraded automatically and had absolutely no problems. I only saw the message this monring and a friend of mine saw it yesterday, thats a bit funny.

    I guess for sites that have multiple authors, this update is a BIG MUST.

  9. Yohan Perera

    November 14, 2009 at 3:55 pm

    Thanks for your concern Sanjeev. It’s a relief to know that nothing is wrong with my blog.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>