September 9th, 2008 by Keith

WordPress 2.6.2 Is Now Out!

Posted in Business Software, Linux, Mac OS, Site News, Solaris, Web Apps, Windows

WordPressNews for WordPress users! The next release of WordPress 2.6.2 is now available and released for your installation or upgrade, as mentioned in our previous post. According to Ryan in his blog, a critical issue that is being resolved in this version pertains to blog owners allowing open registration to the public. This was basically due to the dangers of SQL Column Truncation and weakness of mt_rand() function, as pre-warned by Stefan Esser.

Prior to this version, it is possible for anyone to create a username such that it will allow resetting another user’s password to a randomly-generated password in an open registration WordPress blog. Although not disclosed to the attacker, the problem itself is rather annoying. However, when coupled with a weakness in random number seeding in mt_rand() function, it is a security exploit as attacker is able to utilise this to predict the randomly-generated password.

Besides this, WordPress 2.6.2 also consists of several other bug fixes. All users are highly advised to upgrade to this version, for security purpose.

Download Software
WordPress 2.6.2 [tar.gz version]
WordPress 2.6.2 [zip version]

4 Responses to “WordPress 2.6.2 Is Now Out!”

  1. Just Upgraded to WordPress 2.6.2 | Secret from a Knight's Journal Says:

    [...] released today, I have little hesitation in upgrading my site to the latest version of WordPress 2.6.2. Now, the site is powered by the most up-to-date WordPress engine. I am definitely looking forward [...]

  2. Gallery of posts up to 09-09-2008 » SoftSift Says:

    [...] « WordPress 2.6.2 Is Now Out! [...]

  3. WordPress 2.6.3 Patches Snoopy Library » SoftSift Says:

    [...] after the release of WordPress 2.6.2, the next version of WordPress 2.6.3 is now available for download. In Ryan’s blog, it was [...]

  4. Hosting Says:

    thank you very good

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>




  • German Spanish French Italian Japanese Korean Portuguese Chinese