Version 2.8.4 of WordPress was released on Wednesday. With this program, which is made available under the gpl license, it is possible to set up and maintain a weblog. WordPress can be up and running within five minutes, provided a server with PHP and MySQL is already available. In addition to blogging, it is also possible to further expand the functionality of WordPress and improve the appearance through plugins and themes to adjust. Version 2.8.4 was released to fix a security issue:
WordPress 2.8.4: Security Release
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress.
|Operating systems||script language|