WordPress 2.8.1 Released

WordPress 2.8.1, which fixes a number of problems with 2.8 and addresses a potentially serious security vulnerability, was released yesterday. The problems that were fixed were causing serious problems for some users.  A work around was created so that some templates that were not working due how they called get_categories(). Dashboard memory usage was reduced to alleviate an issue where some people were receiving an incomplete page when they attempted to view the dash board. And an issue that caused the rich text editor not load was worked around. The security vulnerability allows any user of the blog, including subscribers, to view and in some cases modify plugin files if they did not explicitly check permissions.  In Corelabs advisory about the vulnerability, they mention one plugin whose features could be disabled and another that could be modified to run arbitrary code when the blog administrator visits the plugins page. Extra security has been put in place to better protect plugins from this.

Leave a Reply

Your email address will not be published.