iTechnoBuzz!!

Ryan Boren the lead developer of WordPress Team has just announced the release of WordPress 2.8.6 Security update through WP blog. The release fixes two vulnerabilities relevant only for blogs having more than one authors like iTB as they can only be exploited by registered, logged in users with posting rights. In his blog post Ryan Boren suggests webmasters having untrusted authors to switch and update to WordPress 2.8.6.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch.  The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

The update is now officially available on WordPress.org and could be downloaded from : http://wordpress.org/download/. To update your wordpress blog to v.2.8.6 all you need to do is to click on Automatic Update in your WordPress DashBoard (Admin Panel), and within a minute you will get your blog upgraded to WordPress 2.8.6.

WordPress 2.8.6 upgrade does not require any update to WordPress database, but before updating it is recommended to take a backup both of your wordpress files hosted on the server plus the mysql database, which could be required in case the upgrade fails for any reason.