Sathya Says

Your One Stop Source to All Things Linux & OpenSource

WordPress Rolls Out 2.6.2 - Its A Mandatory This Time - And How

The good people over at WordPress released WordPress 2.6.2 today. And unlike the previous 2.6.1 release, this release is a mandatory release, to fix a loophole which occurs if your blog has registrations open.

From the horse’s mouth:

If you allow open registration on your blog, you should definitely upgrade.  With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password.  The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit.  However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.

Certainly seems a very important reason to update to 2.6.2. And if you find the process of upgrading WordPress blog a pain, here’s an effortless way of doing it.

If you enjoyed this post, make sure you subscribe to my RSS feed!

Possibly Related posts:

• WordPress 2.7 Beta 1 is out, November 10 release gets delayed

• [How To]Automatically Backing Up And Upgrading Your WordPress Installation And WordPress Database

• Celebrate the Holiday Spirit with some KDE Christmas Wallpapers

• A New Look For Sathya Says

• Making Dolphin the Default File Manager

If you enjoyed this post, please consider to leave a comment or subscribe to the feed and get future articles delivered to your feed reader.

Powered by Wordpress | WP Premium theme by WP Remix
Copyright 2007. Sathya Says. All rights reserved

• Home
• Contact Me
• Linux Install Guide
• Linux Switchover Guide
• Multimedia support in Linux
• My World