A security update has been issued for WordPress. This release, version 2.0.5, includes security fixes and is recommended for all users. The release notes are available here. Read the Favored Freeware entry for WordPress here.
Thanks for spreading the word about the update. With the number of people still running older releases, and the major security holes that continue to be closed in each 2.0.x release, it is very important to get everyone off of the older versions. The two biggest reasons to upgrade to 2.0.5, as I see it, are:
1. This is, again, major security release. There was a major hole plugged;
2. If you started your blog with version 2.0 or newer, you’re missing a DB index on the post table and that will slow down your site.
I’ve provided more detail in a top 5 list on my own site, but you can always look at the official list of all 60 tickets addressed. I use this link to look at it in order of priority.
Please continue to convince your friends and everyone on your blog roll to upgrade, it is important. If any of them are worried about upgrading, I’ve included a 35 second upgrade script on my site. It’s been reviewed by the members of the WP-Hackers list. So, it is safe. I’d post the link here, but I’m releasing an updated version of it later today and don’t want the old links floating around. Just look at the Code Cave article link I posted above and follow it from there. 35 seconds for multiple blogs beats 20 minutes to do it by hand.
It is always important to keep your software up-to-date, especially when security fixes are concerned. There were a few blogs that bit the dust recently due to gaping security holes in earlier versions of WordPress. It is also important to remember that, once a security update is released, the security holes in the previous version become public knowledge.
P.S. Mark Jaquith, the official maintainer of the WordPress 2.0.x branch, has just released a collection of the changed files in the v2.0.5 release and a diff (patch) file, which can be used to quickly apply all of the changes made since v2.0.4 to your WordPress installation.
2 responses
Thanks for spreading the word about the update. With the number of people still running older releases, and the major security holes that continue to be closed in each 2.0.x release, it is very important to get everyone off of the older versions. The two biggest reasons to upgrade to 2.0.5, as I see it, are:
1. This is, again, major security release. There was a major hole plugged;
2. If you started your blog with version 2.0 or newer, you’re missing a DB index on the post table and that will slow down your site.
I’ve provided more detail in a top 5 list on my own site, but you can always look at the official list of all 60 tickets addressed. I use this link to look at it in order of priority.
Please continue to convince your friends and everyone on your blog roll to upgrade, it is important. If any of them are worried about upgrading, I’ve included a 35 second upgrade script on my site. It’s been reviewed by the members of the WP-Hackers list. So, it is safe. I’d post the link here, but I’m releasing an updated version of it later today and don’t want the old links floating around. Just look at the Code Cave article link I posted above and follow it from there. 35 seconds for multiple blogs beats 20 minutes to do it by hand.
Thanks for stopping by, Brian!
It is always important to keep your software up-to-date, especially when security fixes are concerned. There were a few blogs that bit the dust recently due to gaping security holes in earlier versions of WordPress. It is also important to remember that, once a security update is released, the security holes in the previous version become public knowledge.
P.S. Mark Jaquith, the official maintainer of the WordPress 2.0.x branch, has just released a collection of the changed files in the v2.0.5 release and a diff (patch) file, which can be used to quickly apply all of the changes made since v2.0.4 to your WordPress installation.