Wordpress just released an update (well, yesterday), which fixes a critical bug in their sanitization Library, KSES.
[release]
Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”
I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.
If you are a security researcher, we’d appreciate you taking a look over this changeset as well to review our update. We’ve given it a lot of thought and review but since this is so core we want as many brains on it as possible. Thanks to Mauro Gentile and Jon Cave (duck_) who discovered and alerted us to these XSS vulnerabilities first.
[/release]
The XSS vulnerability is the following:
[url]http://www.exploit-db.com/exploits/15858/[/url]
tl;dr: update if you don't want to get your shit fucked up
Updated, thanks.
[QUOTE=PiXeN;27076575]Wordpress just released an update (well, yesterday), which fixes a critical bug in their sanitization Library, KSES.
[release]
Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”
I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.
If you are a security researcher, we’d appreciate you taking a look over this changeset as well to review our update. We’ve given it a lot of thought and review but since this is so core we want as many brains on it as possible. Thanks to Mauro Gentile and Jon Cave (duck_) who discovered and alerted us to these XSS vulnerabilities first.
[/release]
The XSS vulnerability is the following:
[url]http://www.exploit-db.com/exploits/15858/[/url]
tl;dr: update if you don't want to get your shit fucked up[/QUOTE]
This thread wasn't really necessary. On the administration panel it tells you that it's a critical security update.
[QUOTE=Qombat;27081204]This thread wasn't really necessary. On the administration panel it tells you that it's a critical security update.[/QUOTE]
Not everyone logs into their account every day.
I've updated aswell.
[QUOTE=Adam.GameDev;27101248]I've updated aswell.[/QUOTE]
I thought [QUOTE=Adam.GameDev;26863213]Wordpress is shit.[/QUOTE]
[QUOTE=supersnail11;27103753]I thought[/QUOTE]
[img_thumb]http://imagemacros.files.wordpress.com/2009/06/oh_you.jpg[/img_thumb]
[editline]31st December 2010[/editline]
It's not necceserially my Website.
[QUOTE=Adam.GameDev;27105274][img_thumb]http://imagemacros.files.wordpress.com/2009/06/oh_you.jpg[/img_thumb]
[editline]31st December 2010[/editline]
It's not necceserially my Website.[/QUOTE]Who would use you to manage their website?
[QUOTE=Adam.GameDev;27105274][img_thumb]http://imagemacros.files.wordpress.com/2009/06/oh_you.jpg[/img_thumb]
[editline]31st December 2010[/editline]
It's not necceserially my Website.[/QUOTE]
Oh
[media]http://i51.tinypic.com/2vhvkvk.png[/media]
[QUOTE=Adam.GameDev;27105274]It's not necceserially my Website.[/QUOTE]
Oh yeah? Then who's wordpress blog is this? [url]http://adamgamedev.co.cc/[/url]
[QUOTE=nivek;27105988]Oh yeah? Then who's wordpress blog is this? [URL]http://adamgamedev.co.cc/[/URL][/QUOTE]
I meant someone elses I mas making, but how'd you find I remade it?
[QUOTE=Adam.GameDev;27107006]I meant someone elses I mas making[/QUOTE]
That doesn't void out our previous points...
While you're playing around, goto [url]http://corz.org/serv/tricks/htaccess.php[/url]
as usual
I fail. :frown:
[QUOTE=Adam.GameDev;27119350]I fail. :frown:[/QUOTE]
htaccess is hard
[QUOTE=:awesome:;27119773]htaccess is hard[/QUOTE]
I got it working with the way supersnail suggested.
[editline]1st January 2011[/editline]
[QUOTE=supersnail11;27112090]While you're playing around, goto [url]http://corz.org/serv/tricks/htaccess.php[/url][/QUOTE]
At least someone is being nice!
This is sad...
[QUOTE=nivek;27130596]This is sad...[/QUOTE]
It is when you start harrasing me again.
[QUOTE=Adam.GameDev;27145136]It is when you start harrasing me again.[/QUOTE]
Now you're just begging for it.
Sorry, you need to Log In to post a reply to this thread.
