There’s an annoying DOS for WordPress doing the rounds – it’s blockable at the edge, using .htaccess, using a plugin, hand patching or by upgrading to 2.8.5
Kudos to the team for getting on top of this.
Here’s the scoop off wp-hackers:
http://wordpress.org/wordpress-2.8.5-beta1.zip
2.8.5 will probably release sometime in the next 24 hours. Changes since 2.8.4:
http://core.trac.wordpress.org/log/branches/2.8?action=stop_on_copy&mode=stop_on_copy&rev=12075&stop_rev=11811&limit=999
Summary:
* Fix for trackback DOS
* Removal of permalink_structure eval
* Remove some create_function() calls
* Disallow unfiltered uploads by default, even for admins. Enable it
again with define(‘ALLOW_UNFILTERED_UPLOADS’, true); in wp-config.php
* Add extra escapes here and there for some backside coverage
* Retire two old importers
* A few small bug fixes
This is mostly a security hardening release. There’s nothing exciting
unless you are concerned about the trackback DOS bug. Anyone who wants
to DOS your blog can do it regardless, but the trackback DOS bug makes
it easier for people to be annoying.
Recent Comments