WordPress 2.8.5发布
虽然近段时间WordPress在研发WordPress 2.9,但是同样没有放弃对2.8系列的更新。WordPress团队发布了WordPress 2.8.5。
更新日志:
WordPress的2.8.5:发布09年10月20号由彼得。维斯特伍德发布,分类:版本,安全。
正如你知道在过去几个月,我们一直在为WordPress 2.9的新功能的工作。我们也一直在试图使WordPress的尽可能的安全,在此,我们已经确定了安全强化的变化我们认为是值得重新移植到低版本2.8上,以便让这些进行改善,并尽量让所有功能使您的网站尽可能安全。
本次升级修改内容为:
修正引用通告拒绝修复服务攻击,目前已经出现了。
清除可移除区域内在PHP代码中变量的代码进行了评估。
切换的上传文件功能,为所有用户的白名单,其中包括管理员。
退居二线的老插件标签数据的两个入口。
我们建议,所有网站都升级到这个新版本的WordPress,以确保您有最好的保护。
如果您认为您的网站可能已被击中最近攻击之一,你想确保您已清除出了漏洞,我们建议您采取的行动,看WordPress的漏洞扫描器的所有痕迹。这是一个插件的搜索网站上的文件和你的职位和数据库的任何可疑的意见表。它还检查您的文件名的不寻常的积极插件列表。你可以阅读更多有关此插件在这里- “WordPress的漏洞扫描”
WordPress 2.8.5: Hardening Release
As you know over the past couple of months we have been working on the new features for WordPress 2.9. We have also been working on trying to make WordPress as secure as possible and during this process we have identified a number of security hardening changes that we thought were worth back-porting to the 2.8 branch so as to get these improvements out there and make all your sites as secure as possible.
The headline changes in this release are:
- A fix for the Trackback Denial-of-Service attack that is currently being seen.
- Removal of areas within the code where php code in variables was evaluated.
- Switched the file upload functionality to be whitelisted for all users including Admins.
- Retiring of the two importers of Tag data from old plugins.
We would recommend that all sites are upgraded to this new version of WordPress to ensure that you have the best available protection.
If you think your site may have been hit by one of the recent exploits and you would like to make sure that you have cleared out all traces of the exploit then we would recommend that you take a look at the WordPress Exploit Scanner. This is a plugin which searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames. You can read more about this plugin here – “WordPress Exploit Scanner“