Site: YippeeSoft开心软件

Article link: WordPress 2.8.5

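Although the WordPress developers are already polishing the features of WordPress 2.9, WordPress's growing popularity means more and more people are paying attention to it, and its security problems are increasingly being exposed. As a result, the WordPress developers have had to go back and fix several confirmed security vulnerabilities in WordPress 2.8, since 2.8 is currently the version most users run.


Issues fixed in WordPress 2.8.5:


Fixed the Trackback denial-of-service attack.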


Removal of areas within the code where php code in variables was evaluated.


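Modified the WordPress attachment upload function.


Hid two unimportant items of tag data from older-version plugins.


An upgrade notice already appears in the WordPress dashboard; users who need to upgrade can do so promptly with WordPress's one-click upgrade feature.


You can also download it from WordPress.org and upgrade by overwriting the files. (Back up your database first, and do not upgrade across versions!)


The official WordPress blog also introduces a plugin, WordPress Exploit Scanner, which makes it easy to check the posts and comments in the database for suspicious data, and can also detect suspicious plugin directory names.


For the WordPress 2.8.4 vulnerability, interested readers can look here: New 0-Day WordPress Exploit.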




As you know over the past couple of months we have been working on the new features for WordPress 2.9. We have also been working on trying to make WordPress as secure as possible and during this process we have identified a number of security hardening changes that we thought were worth back-porting to the 2.8 branch so as to get these improvements out there and make all your sites as secure as possible.


The headline changes in this release are:


    * A fix for the Trackback Denial-of-Service attack that is currently being seen.
    * Removal of areas within the code where php code in variables was evaluated.
    * Switched the file upload functionality to be whitelisted for all users including Admins.
    * Retiring of the two importers of Tag data from old plugins.


We would recommend that all sites are upgraded to this new version of WordPress to ensure that you have the best available protection.


If you think your site may have been hit by one of the recent exploits and you would like to make sure that you have cleared out all traces of the exploit then we would recommend that you take a look at the WordPress Exploit Scanner. This is a plugin which searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames. You can read more about this plugin here – “WordPress Exploit Scanner”

Original article; when reposting, please credit: reposted from YippeeSoft开心软件
