ghacks Technology News

WordPress 2.8.6 Security Update

The WordPress developers have just released a security update for their blogging platform WordPress which raises the version of the software to 2.8.6. It is always recommended to update to a new version of WordPress as soon as possible and especially so for a security release. This release fixes two vulnerabilities that are only relevant for multi-author blogs as they can only be exploited by registered, logged in users with posting rights. This security vulnerability is therefor not affecting the majority of WordPress blogs but those webmasters should nevertheless consider upgrading their blog software right away.


The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

The upgrade is as usual available through various means with the two most popular ones being through an automatic update in the WordPress admin interface and the second trough a download from the official WordPress website. The first is faster and more comfortable while the second offers more control to the user especially if something goes wrong.

This WordPress update does not require an update of the WordPress database. It is however recommended to perform a backup of both the WordPress files on the web server and the MySQL database to be prepared if the update should fail for any reason.

Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter.

Related Articles:

WordPress 3.03 Security Update Released
WordPress 2.6.5 Security Update
WordPress 2.8.5 Security Update
WordPress 3.1.4 Security Update Released
WordPress 3.1.3 Security Update Released



About the Author:Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook or Twitter.

Author: , Friday November 13, 2009 -
Tags:, ,

Previous Post: Read your RSS feeds on your Linux desktop with Liferea

Next Post: Save Websites With Mozilla Archive Format

Click on the following link(s) to read more about The Web

Responses so far:

  1. Harsh Agrawal says:
    November 13, 2009 at 4:05 am

    This update was really unexpected.. though this update seems to be only for those
    who have multi author blogs or is it for every one?

    Reply

Leave a Reply   Follow Ghacks   Subscribe To Comment Rss

Subscribe without commenting

 Ghacks Technology Newsletter 
Ghacks Daily Newsletter

Recent Posts


Follow This Blog

Ghacks Newsletter
RSS Feeds
Google+ Page
Facebook Fan Page
Twitter



Popular Articles

Popular Searches

Popular Tags

Topics

Links

About Ghacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular latest tech news sites on the Internet with five authors and regular contributions from freelance writers.

Services

Authors

Martin Brinkmann
Melanie Gross
Mike Halsey
Ryan D. Lang
Jack Wallen

© 2005-2012 Ghacks.net. All Rights Reserved. Privacy Policy - About Us