Comments on: It’s time to upgrade WordPress http://wpgarage.com/news-views/its-time-to-upgrade-wordpress/ wordpress tricks, hacks, and tips Mon, 06 Sep 2010 19:29:59 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: Ryan http://wpgarage.com/news-views/its-time-to-upgrade-wordpress/comment-page-1/#comment-810 Ryan Tue, 05 Feb 2008 13:52:58 +0000 http://wordpressgarage.com/news-views/its-time-to-upgrade-wordpress/#comment-810 In case my interpretation is wrong ... "A flaw was found in our XML-RPC implementation such that a specially crafted request would allow any valid user to edit posts of any other user on that blog." My impression from the above quote was that the user would need to be registered with your blog to do any damage. In case my interpretation is wrong …

“A flaw was found in our XML-RPC implementation such that a specially crafted request would allow any valid user to edit posts of any other user on that blog.”

My impression from the above quote was that the user would need to be registered with your blog to do any damage.

]]> By: Ryan http://wpgarage.com/news-views/its-time-to-upgrade-wordpress/comment-page-1/#comment-809 Ryan Tue, 05 Feb 2008 13:26:57 +0000 http://wordpressgarage.com/news-views/its-time-to-upgrade-wordpress/#comment-809 Looks like 2.3.3 is upon us! According to WordPress it is an urgent security release due to other registered users of your blog having the ability to edit any page on your blog. http://wordpress.org/development/2008/02/wordpress-233/ Of course, if you don't allow people to register then it shouldn't matter and you won't need to upgrade - although they haven't mentioned that in the official release. Looks like 2.3.3 is upon us!

According to WordPress it is an urgent security release due to other registered users of your blog having the ability to edit any page on your blog.

http://wordpress.org/development/2008/02/wordpress-233/

Of course, if you don’t allow people to register then it shouldn’t matter and you won’t need to upgrade – although they haven’t mentioned that in the official release.

]]> By: Ryan http://wpgarage.com/news-views/its-time-to-upgrade-wordpress/comment-page-1/#comment-806 Ryan Tue, 01 Jan 2008 22:48:31 +0000 http://wordpressgarage.com/news-views/its-time-to-upgrade-wordpress/#comment-806 Forrest - what do you mean by "compressed archive"? And what makes it different from previous WordPress upgrades? Forrest – what do you mean by "compressed archive"? And what makes it different from previous WordPress upgrades?

]]> By: Forrest http://wpgarage.com/news-views/its-time-to-upgrade-wordpress/comment-page-1/#comment-807 Forrest Tue, 01 Jan 2008 19:59:27 +0000 http://wordpressgarage.com/news-views/its-time-to-upgrade-wordpress/#comment-807 Sadly, this one is a compressed archive full of PHP files.  If you've made changes to some of the core files, outside your template - like I have - this is a much more complicated upgrade than others have been... Sadly, this one is a compressed archive full of PHP files.  If you’ve made changes to some of the core files, outside your template – like I have – this is a much more complicated upgrade than others have been…

]]> By: Lynne http://wpgarage.com/news-views/its-time-to-upgrade-wordpress/comment-page-1/#comment-808 Lynne Tue, 01 Jan 2008 17:23:29 +0000 http://wordpressgarage.com/news-views/its-time-to-upgrade-wordpress/#comment-808 I'm not looking forward to this, every time I try anything with this blog something goes terribly wrong!  Oh well, what choice do I have?! :-D I’m not looking forward to this, every time I try anything with this blog something goes terribly wrong!  Oh well, what choice do I have?! :-D

]]> By: Miriam Schwab http://wpgarage.com/news-views/its-time-to-upgrade-wordpress/comment-page-1/#comment-804 Miriam Schwab Mon, 31 Dec 2007 07:30:47 +0000 http://wordpressgarage.com/news-views/its-time-to-upgrade-wordpress/#comment-804 Ryan, that is such a good idea! But I'm guessing that would cause a lot of problems for WordPress since you'd have people running different versions and there would have to maybe be all sorts of branches of WordPress. But I am getting sick of upgrading for every little thing, especially when we're managing so many WordPress sites. Ryan, that is such a good idea! But I’m guessing that would cause a lot of problems for WordPress since you’d have people running different versions and there would have to maybe be all sorts of branches of WordPress. But I am getting sick of upgrading for every little thing, especially when we’re managing so many WordPress sites.

]]> By: Ryan http://wpgarage.com/news-views/its-time-to-upgrade-wordpress/comment-page-1/#comment-805 Ryan Sun, 30 Dec 2007 22:04:07 +0000 http://wordpressgarage.com/news-views/its-time-to-upgrade-wordpress/#comment-805 Miriam - I think you meant 2.4 above, not 2.3. The customised error template sounds like a great idea. I've meaning to figure out how to hack that thing for a while now, but this should make it much easier. Perhaps WordPress needs to setup a tier of upgrade levels? Perhaps green, yellow, orange and red where red means upgrade fast or your site will get hacked, orange means upgrade due to minor security problems, yellow means upgrade if you use the specific functions of WordPress which have security problems and green means there's no security updates, but upgrade if you want the extra functions they've added. Under that system I'm assuming this latest update would be a yellow, in which case we could just go check what's wrong with our current installs and if the security problems aren't major then wait till the upgrade reaches orange, or red if we're really keen. Just an idea ... Miriam – I think you meant 2.4 above, not 2.3.

The customised error template sounds like a great idea. I’ve meaning to figure out how to hack that thing for a while now, but this should make it much easier.

Perhaps WordPress needs to setup a tier of upgrade levels? Perhaps green, yellow, orange and red where red means upgrade fast or your site will get hacked, orange means upgrade due to minor security problems, yellow means upgrade if you use the specific functions of WordPress which have security problems and green means there’s no security updates, but upgrade if you want the extra functions they’ve added.

Under that system I’m assuming this latest update would be a yellow, in which case we could just go check what’s wrong with our current installs and if the security problems aren’t major then wait till the upgrade reaches orange, or red if we’re really keen. Just an idea …

]]>