WordPress Rolls Out 2.6.2 – It’s Mandatory This Time – And How

Sathya | September 10th, 2008 - 12:19 am


The good people over at WordPress released WordPress 2.6.2 today. Unlike the previous 2.6.1 release, this one is mandatory: it fixes a loophole that affects blogs with open registration.

From the horse’s mouth:

If you allow open registration on your blog, you should definitely upgrade.  With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password.  The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit.  However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.

That certainly seems a very important reason to update to 2.6.2. And if you find the process of upgrading a WordPress blog a pain, here’s an effortless way of doing it.

5 Responses to “WordPress Rolls Out 2.6.2 – It’s Mandatory This Time – And How”

  1. Regnbage says:

    Sounds like I should do an upgrade even though I hate it! :)

  4. sweety says:

    How to install WordPress on Blogger? Can anyone help out?

    • Sathya says:

      Sweety, Blogger and WordPress are 2 mutually exclusive blogging platforms; you cannot install Blogger on top of WordPress or WordPress on top of Blogger.
