Published by
Tyler on
February 15, 2010 at
10:11 pm
WordPress 2.9.2 was released earlier today. You can download it here. This fixes a problem that allows users that are logged in to view trash posts authored by other users.
Thomas Mackenzie alerted us to a problem where logged in users can peek at trashed posts belonging to other authors. If you have untrusted users signed up on your blog and sensitive posts in the trash, you should upgrade to 2.9.2. As always, you can visit the Tools->Upgrade menu to upgrade.
Thomas Mackenzie goes into much greater detail about the problem on his site. Check his site out for more info on why the 2.9.2 release was necessary.
Published by
Tyler on
January 19, 2010 at
2:41 pm
Unwakeable 1.5.3 is available for download. This version is built off K2 1.0.3 and should work beautifully with WordPress 2.9+. You can head over to the Unwakeable page to get the download, or you can grab it here.
K2 1.0 added more support for WordPress 2.9. For example, K2 1.0 supports new WordPress features such as post thumbnail images. One of the more noticeable changes to K2 since the 1.0 release is the absence of SideBar Manager (SBM). It sounds like it was simply too much work to maintain SBM, and was beyond the scope of what K2 is:
It’s worth mentioning that the last remnants of the old SideBar Manager, or SBM, have now been removed from the codebase. It started out as a fully-fledged replacement for WP’s lacking widgets system and ended up as a patch-of-sorts to the widget system, allowing for widgets to be placed only on specified pages. But in the end, while the native widget system is still very much in need of an update, it didn’t feel right for K2 to try and cover that particular area of the administration interface. And besides, other plugins for doing just that exist already.
So instead of spending our time patching that system for an ever-changing WordPress, our time is probably better spent on more theme-specific functionality, like the rolling archives or livesearch systems, as well as keeping up with new WordPress features, like for instance Post Thumbnails.
Rather than break down all of what’s changed in recent versions of K2, I’m going to make it easy on myself and direct you to the K2 1.0 release announcement. Just know that Unwakeable 1.5.3 sports all the features found in K2 1.0.3. You can comment on this post or on the Unwakeable page with questions or comments.
Published by
Tyler on
January 19, 2010 at
11:13 am
WordPress 2.9.1 was released a little over two weeks ago. You can download it at the usual location.
From the release announcement:
This release addresses a handful of minor issues as well as a rather annoying problem where scheduled posts and pingbacks are not processed correctly due to incompatibilities with some hosts. If any of these issues affect you, give 2.9.1 a try. Download 2.9.1 or upgrade automatically from the Tools->Upgrade menu in your blog’s admin area.
WordPress 2.9.1 came less than a month after WordPress 2.9.
Published by
Tyler on
November 14, 2009 at
9:32 am
WordPress 2.8.6 is available for download. It’s another security release and was released two days ago. Below is a summary from the WordPress development blog:
2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.
The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.
You can download WordPress 2.8.6 here.
Published by
Tyler on
October 21, 2009 at
8:15 am
WordPress 2.8.5 has been released. This is another security release, just like the 2.8.4 release. As with the last release, the SANS Internet Storm Center has another post about the latest WordPress.
The WordPress team decided to call 2.8.5 a hardening release because it includes some security features that were back-ported to 2.8.x from the upcoming 2.9 series. Below are some details about 2.8.5 from the WordPress development blog:
As you know over the past couple of months we have been working on the new features for WordPress 2.9. We have also been working on trying to make WordPress as secure as possible and during this process we have identified a number of security hardening changes that we thought were worth back-porting to the 2.8 branch so as to get these improvements out there and make all your sites as secure as possible.
The headline changes in this release are:
- A fix for the Trackback Denial-of-Service attack that is currently being seen.
- Removal of areas within the code where php code in variables was evaluated.
- Switched the file upload functionality to be whitelisted for all users including Admins.
- Retiring of the two importers of Tag data from old plugins.
You can download WordPress 2.8.5 here.
Published by
Tyler on
August 13, 2009 at
1:39 pm
For some time now, comments have been disabled on pages in K2 and Unwakeable. The modifications needed to allow comments on pages are extremely easy to make. If you use either of these themes and wish to enable comments on pages, please continue reading.
1. Open the page.php file located in your K2 or Unwakeable theme directory. Go to line 36, it should look like this:
<?php if ( get_post_custom_values('comments') ): ?>
2. Comment out that if statement, so it should look like this when you’re done:
<?php //if ( get_post_custom_values('comments') ): ?>
3. You’re halfway done at this point. Now go to line 40, which should look like this:
<?php endif; ?>
4. Comment out this piece of code as well, so modify line 40 so it looks like the code below.
<?php //endif; ?>
5. Save the page.php file and you should be all set.
I will make this modification in the next release of Unwakeable so you won’t have to modify it yourself. You can expect to see a new version of Unwakeable released within a week.
