WordPress 2.6.2

| September 9, 2008 | Leave a Comment

WordPress 2.6.2 is a security release which tackles problems with SQL Column Truncation and mt_rand().

Since WordPress 2.6.1 was an optional update—first time in the history of WordPress—is WP 2.6.2 the same way? Here’s the answer:

If you allow open registration on your blog, you should definitely upgrade. With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password.

The dev blog also notes that this vulnerability is also applicable to other PHP-based applications.

Aside from security fixes, WP 2.6.2 contains a number of bug fixes as well.

Download WordPress 2.6.2 now.

Related Posts

Tags: , , , , , , ,

Leave a Reply