A ‘Sort Of’ Urgent Update for WordPress - 2.3.3

An urgent security upgrade, 2.3.3 fixes a bug allowing users to access others’ posts.

However, it seems to be isolated to this single issue (there are bug fixes included, but all are considered minor), and the site recommends a single file upgrade, xmlrpc.php

A quick check of the file shows that all the changes are behind a login verification; this means that unless you are sharing your blog, upgrading is not urgent.

However, if you have others logging into your blog, the code is important to keep them from having too much access to other’s posts.

Unfortunately sites that are using WordPress as membership sites (by allowing members to log in) will be the hardest hit. With a larger number of users accounts, chances are better that someone will want to see ‘just what happens’. In that case, I’d recommend a speedy upgrade by dropping in the new xmlrpc.php file.

And of course if you are setting up new blogs, use 2.3.3 right away - with so few changes, and a necessary security upgrade, it should cause no problems for anyone.

(Note: ActiveBlogging.com uses a different script, and so is not affected).

ActiveBlogging.com - for information on making your blog successful! Get information like this - and more - inside! Details here or Join Today!

This entry was posted Tuesday, February 5th, 2008, 2:23 am and is filed under General. You can follow any responses to this entry through the feed. Comments are closed. You can use this trackback URl.

Comments are closed.