Joeychgo
12-30-2007, 05:34 PM
WordPress 2.3.2 has been released (http://wordpress.org/development/2007/12/wordpress-232/) and includes a number of changes, including one security fix. Here is a list of most of the changes in detail:
Performance improvements for post sanitization when raw content is required (#5325 (http://trac.wordpress.org/ticket/5325)).
Changes to is_admin() to ensure that it is only true for admin pages thereby protecting against exposing draft posts. (#5487 (http://trac.wordpress.org/ticket/5487)).
Suppression of database errors unless WP_DEBUG (http://westi.wordpress.com/2007/09/30/wordpress-weekly-digest-24th-september-to-30th-september-2007/) is true (#5473 (http://trac.wordpress.org/ticket/5473)).
Check for valid database connection information during install and display an error if the install fails due to database rights (#5495 (http://trac.wordpress.org/ticket/5495)).
Support for a custom database down page to be displayed on database connection errors (#5500 (http://trac.wordpress.org/ticket/5500)).
Changes to make sure we are more selective in what we make clickable; this introduces different rules for different URI types ([6450] (http://trac.wordpress.org/changeset/6450)).
Changes to wp-mail.php to escape the error messages when displaying them to avoid a possible XSS attack (#5484 (http://trac.wordpress.org/ticket/5484)).
Changes to ensure that the post password is only exposed by the xmlrpc method metaWeblog.getRecentPosts to users with rights to edit a post (#5535 (http://trac.wordpress.org/ticket/5535)).
Changes to the information exposed by the wp.getAuthors xmlrpc method to reduce the information exposed and add a capabilities check (#5534 (http://trac.wordpress.org/ticket/5534)).
Addition of extra capabilities checks to xmlrpc methods ([6504] (http://trac.wordpress.org/changeset/6504)).
Addition of extra capabilities checks to APP server ([6508] (http://trac.wordpress.org/changeset/6508)).
Changes to validate_file() to improve its traversal attempt detection when running on Windows ([6521] (http://trac.wordpress.org/changeset/6521)).
For a complete list of all the changes you can read this section of the branches/2.3 log (http://trac.wordpress.org/log/branches/2.3?action=stop_on_copy&rev=6527&stop_rev=6322&mode=stop_on_copy).
::This post is taken from the Blog of Joeychgo www.joeychgo.com

