The popular blog platform Wordpress has been updated to version 2.3.2 today. This release is a security release that fixes a bug that allowed users to view drafted posts which is horrible for websites that make a living from blogging.
Besides this fix several other fixes have been added, one is that certain database error messages get suppressed so that a possible attacker will not be able to discover information about table structure and database limits.
There has also been some information leaks in XML-RPC and APP implementations that have been fixed with this new Wordpress version. Updating your blog is therefor recommended.
The update process itself works flawlessly even with many plugins installed. Just download the new version of Wordpress and unpack it to your system. Now copy the files of the new release over the old files and run the upgrade.php file in your admin folder afterwards. There are no database upgrades this time.
Cautious users should backup their files before they begin the upgrade and turn off all plugins before they start copying files.
Related posts:
Wordpress 2.6.1 releasedWordpress 2.7.1 Update
Wordpress 2.5 released
Wordpress 2.5.1 released
Wordpress 2.6.5 Security Update
Funny thing is: After uploading and running upgrade.php Wordpress told me: “No upgrade necessary – everythings fine!” or stuff. Is this because there are no database upgrades this time? My dashboard info tells me I’m running Version 2.3.2 now though.
Stefan yes that is the case. The update.php is only needed to update the database I think. Since there is no database update in this release running it is not needed. (I think, not tested, not researched, hehe)