September 9th, 2008 by Keith
WordPress 2.6.2 Is Now Out!
Posted in Business Software, Linux, Mac OS, Site News, Solaris, Web Apps, Windows
News for WordPress users! WordPress 2.6.2 is now available for installation or upgrade, as mentioned in our previous post. According to Ryan in his blog, a critical issue resolved in this version affects blogs that allow open registration to the public. It stems from the dangers of SQL column truncation and the weakness of the mt_rand() function, as previously warned by Stefan Esser.
Prior to this version, on a WordPress blog with open registration, anyone could create a username that allowed another user's password to be reset to a randomly generated one. Although the new password is not disclosed to the attacker, the problem itself is rather annoying. However, when coupled with a weakness in the random number seeding of the mt_rand() function, it becomes a security exploit, as the attacker is able to use this to predict the randomly generated password.
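A small model of the two weaknesses named above, added here as an illustration; it is not WordPress code or the 2.6.2 patch. It assumes a database that silently truncates over-length text and compares strings without regard to trailing spaces; the column width, function names and sample logins are constructed for the example.

```python
import secrets
import string

COLUMN_WIDTH = 16  # assumed width of the login column (constructed for this model)

def as_stored(name: str, width: int = COLUMN_WIDTH) -> str:
    """Model a non-strict INSERT: over-length text is cut to the column width."""
    return name[:width]

def same_login(a: str, b: str) -> bool:
    """Model a pad-space comparison: trailing spaces are not significant."""
    return a.rstrip(" ") == b.rstrip(" ")

def register_unchecked(name: str, table: list[str]) -> bool:
    """'Before' behaviour: uniqueness is tested on the submitted text,
    but the row that lands in the table is the truncated text."""
    if any(same_login(name, row) for row in table):
        return False
    table.append(as_stored(name))
    return True

def register_checked(name: str, table: list[str]) -> bool:
    """Hardened: refuse anything the column would alter, then test
    uniqueness on exactly the value that will be stored."""
    if not name or len(name) > COLUMN_WIDTH or name != name.strip():
        return False
    if any(same_login(name, row) for row in table):
        return False
    table.append(name)
    return True

def duplicate_logins(table: list[str]) -> list[str]:
    """Audit helper: logins that occur more than once when compared as stored."""
    seen, dupes = set(), []
    for row in table:
        key = row.rstrip(" ")
        if key in seen and key not in dupes:
            dupes.append(key)
        seen.add(key)
    return dupes

def reset_password(length: int = 12) -> str:
    """Reset passwords come from the OS CSPRNG, not a seeded general-purpose PRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

# Constructed sample: an over-length submission that truncates onto "admin".
SAMPLE_OVERLONG = "admin".ljust(COLUMN_WIDTH) + "x"
```

Running `duplicate_logins` over an existing user table is a quick way to check whether colliding rows were created before the upgrade.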
Besides this, WordPress 2.6.2 also includes several other bug fixes. All users are strongly advised to upgrade to this version for security purposes.
Download Software
WordPress 2.6.2 [tar.gz version]
WordPress 2.6.2 [zip version]
September 9th, 2008 at 1:53 am
[...] released today, I have little hesitation in upgrading my site to the latest version of WordPress 2.6.2. Now, the site is powered by the most up-to-date WordPress engine. I am definitely looking forward [...]
September 10th, 2008 at 12:01 am
[...] « WordPress 2.6.2 Is Now Out! [...]
October 24th, 2008 at 7:05 am
[...] after the release of WordPress 2.6.2, the next version of WordPress 2.6.3 is now available for download. In Ryan’s blog, it was [...]
August 4th, 2009 at 4:58 pm
thank you very good