WordPress 2.3.3 紧急发布

这次发布的是一个紧急的版本,最主要是修复了一些安全漏洞。看一下英文版说明,本博客和河蟹娱乐也已经更新到了最新版本的了,以前有安装的就直接全部覆盖掉原来的安装文件就行。
以下引用wordpress官方博客说明

WordPress 2.3.3 is an urgent security release. A flaw was found in our XML-RPC implementation such that a specially crafted request would allow any valid user to edit posts of any other user on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can get the entire release here.

Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an update is available.

Since we are talking security, remember to use strong passwords and change them regularly.  While you’re updating WP and your plugins, consider refreshing your passwords.


Post a Comment