I woke this morning to a notification about a new version of WordPress; it’s now 2.8.6. This version is for sites that have multiple authors. If you don’t have other authors, I still think you should upgrade.
Many sites have opened up to the idea of guest posts, and this release will help those sites protect themselves. One would rather be safe than sorry.

The 2 fixes are:
- An XSS vulnerability in Press This discovered by Benjamin Flesch.
- An issue with sanitizing uploaded file names, discovered by Dawid Golunski, that can be exploited in certain Apache configurations.
Thanks to Benjamin and Dawid for finding and reporting these issues.
Please remember to back up your database and files before upgrading.
Get WordPress version 2.8.6 now
P.S. I upgraded automatically and had no problems at all.
Final Thought
I would like to know: have you upgraded to the new version already? Are you using an old version? Did you upgrade manually or automatically? Is your site a multi-author site?
I am the proud owner of Serradinho.com and have made this my second home. I'm into blogging, downloads, WordPress, meeting and helping others, etc. Basically the internet in general :) Serradinho Web Services is my own company whereby I offer my services to clients. This ranges from web design, website upgrades, theme customizations, support, premium WordPress plugins and many more .....
View all posts by George Serradinho, there might be other posts that interest you.







{ 36 comments }
I did this right away when the alert appears on my admin area. Thanks anyway
.-= Tinh´s last blog ..WordPress 2.8.6 Security Release =-.
I was still contemplating whether to move to 2.8.5 when this one has already arrived..will upgrade right away
.-= Anand Srinivasan´s last blog ..Submit An Idea To Google Wave Team =-.
@Anand – try and keep your WordPress up to date, otherwise you run the risk which could cost you later.
George, I have heard that it is always better to wait for a few days before upgrading since you give enough time for plugin developers to upgrade it sufficiently…
But you are right, and I have already upgraded to 2.8.6 on all my three blogs.
.-= Anand Srinivasan´s last blog ..Submit An Idea To Google Wave Team =-.
@Anand – I hear some users wait a while, but that's not me. I just jump in
They have 2.8.6 in their repository already now? Lol, I am still using 2.8.3
@James – I suggest you upgrade ASAP, I think you have missed a few updates already.
Even though I am the only one who has authority to post on my blogs, I still upgraded all my blogs. Why not, when it’s so easy to do now that it's automated?
.-= Sire´s last blog ..The Myth That DoFollow Leaches Your PR =-.
@Sire – yes, they made it easier now with the automated upgrade. Funny thing is that I have never had issues with upgrading. I sometimes find users who had problems, etc. Thank God I have been blessed with not having issues
I’ve only ever had one issue, but that was because of something I did. The auto upgrade feature takes that problem away.
.-= Sire´s last blog ..The Myth That DoFollow Leaches Your PR =-.
@Sire – most problems I come across are because of my own doings, funny hey!
Yeah, especially because when it happens it’s because you usually take shortcuts rather than doing it properly. One day I will learn
.-= Sire´s last blog ..Three Ways To Increase Your Ad Space Earnings =-.
Thanks for sharing this with us. I always back up my data before upgrading to any WordPress release
.-= Vivek´s last blog ..InfoEduTech: Success or Failure =-.
@Vivek – I used to just back up my database; now I back up my database as well as my theme files. This is just to ensure that if something went wrong, I had a backup to refer to.
I upgraded automatically but for the security concern I have taken complete back up..
.-= Theme Premium´s last blog ..Optimize Wordpress Database With Wp-Optimize Wordpress Plugin =-.
@Theme Premium – rather be safe than sorry
Backups will always be handy when something goes wrong.
I don’t need the fix but I upgraded anyway since I prefer to be on the latest version.
.-= Gabe | freebloghelp.com´s last blog ..WordPress 2.8.6 released =-.
@Gabe – you are correct in upgrading. I have seen users still on old versions, which might result in a security breach. There are some users who don’t want to upgrade as they have customized plugins that were created and don’t know if the upgrade will work or break their site.
This morning WP alerted me to update, and because it's just one click away there is no reason for not updating. This release just updates some bugs and doesn't change a lot of things, so I don’t think any plugin will have a problem with it.
I upgraded and everything seems ok too. Needless to mention that some plug-ins will inform us to update too and this depends on what plug-ins we installed. Thanks George for the update
.-= Hicham´s last blog ..Justice and Stereotype =-.
I’ll have to ask my IT gal, she just upgraded me to 2.5 (I think.) I will probably hold off a while.
One thing I DO want to get is Lightbox2 for the photos in my posts to make ‘em real real big. You know much about that?
.-= Jannie Funster´s last blog ..First Pictures With My New iPhone 3GS =-.
I really do get so tired of updating Wordpress it’s not even funny, now I almost feel like I need to make an announcement post for the bloggers that read my blog.
Hopefully everyone read it here first
.-= Extreme John´s last blog ..10 Most Wanted Wordpress Plugins =-.
@Extreme John – if you don’t have guest bloggers then you don’t have to update. I do understand your frustration, but updates will continue as long as users try and break sites. It’s for our own safety buddy.
better to wait and check out a few reviews before upgrading your wordpress versions… I’ve suffered major setbacks due to this….
I'm still running on 2.7
Cheers
Sandeep
.-= Curious Little Person´s last blog ..The Truth about Duplicate Content Penalty =-.
@CLP – just wanted to say that your comments are landing in my spam because of the url you are using. I don’t mind the comments, but please don’t use the url you always use on my site as I always edit it. I’m not going to say the url, but you know exactly what I’m talking about.
As for your comment – I don’t think it’s a good idea to be on WP 2.7 as there have been many improvements and security patches. You will suffer more that you are way behind on updates. I urge you to rather make a full backup of your database and files/images and upgrade.
I will update later today. But, I really wish that Wpress would also start releasing incremental update files. I am sure that most of the files from v2.85 haven’t even been touched. But, I would have to upload them all – which takes 15-20 minutes.
And the built in auto-update never works for me.
.-= Pallab´s last blog ..Three Really Cool Futuristic Tech Videos from Microsoft =-.
@Pallab – not to be funny, but why so long? Even if I had to copy all the WP files across, it would not take more than 3 minutes and that includes uploading my Thesis theme folder as well. Please explain in detail why so long?
I think it's a pretty good update and well it's getting closer and closer to 2.9..
.-= Melvin´s last blog ..The Death Of Site Flipping =-.
I upgraded to 2.8.6 , without problems, thanks for sharing the information.
.-= Ruchi´s last blog ..Is Excessive Blogging Hurting your Relations =-.
People have started using XSS vulnerabilities to hack in a lot of cases. I was taught XSS during my Information Security classes. Wordpress must surely be secure from XSS and good work from Wordpress team.
.-= Tech-Freak Stuff´s last blog ..5 Most Popular Myths regarding Alexa Rank =-.
@Tech-Freak Stuff – the WP team does work hard and it’s also the community which helps out with details.
I have already upgraded to the latest version
The best part is, that it is automated !!
.-= Raj´s last blog ..Affirmations for developing Positive Self Esteem !!! =-.
@Raj – it makes life easier when it’s automated, no fuss at all.
Thanks Benjamin and Dawid!
And also thanks George.. for letting us know this..
.-= S.Pradeep Kumar´s last blog ..40+ Websites For Copyright And Royalty Free Photos =-.
Yep, it's good to upgrade in time, last time one of my blogs got hacked because someone went inside the dashboard…
.-= Uttoran Sen´s last blog ..Utilize Two OS in a Single PC – Windows 7 with Vista or XP =-.
@Uttoran – maybe have a look at Login LockDown and other security plugins to help combat that, just a suggestion
Comments on this entry are closed.