WordPress: The 3.8.2 security update was released

WordPress 3.8.2 is now available for download. It is considered a very important security release since, according to the developers, it fixes a number of critical vulnerabilities.
Version 3.8.2 addresses some security issues and resolves 9 issues.

One of the vulnerabilities addressed in WordPress 3.8.2 is a possible forgery of the cookies used for authentication (CVE-2014-0166). An attacker could exploit the vulnerability to gain access to a site using forged authentication cookies. The flaw was discovered and fixed by Jon Cave, a member of the WordPress security team.

The second fixed vulnerability (CVE-2014-0165) could be used by a user with the Contributor role to publish posts. Edik was the one who discovered the vulnerability.

In addition to these fixes, WordPress 3.8.2 also contains three additional security changes. Websites can now identify potentially abusive requests because additional information is passed along when pingbacks are processed.

All the changes in the new version are listed below:

  • Potential authentication cookie forgery. CVE-2014-0166.
  • Privilege escalation: prevent contributors from publishing posts. CVE-2014-0165.
  • (Hardening) Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests.
  • (Hardening) Fix a low-impact SQL injection by trusted users.
  • (Hardening) Prevent cross-domain scripting through Plupload, the third-party WordPress library for uploading files.

Changed files

* wp-admin/about.php
* wp-admin/themes.php
* wp-admin/includes/post.php
* wp-admin/includes/class-wp-posts-list-table.php
* wp-admin/includes/class-wp-upgrader.php
* wp-includes/class-wp-xmlrpc-server.php
* wp-includes/bookmark.php
* wp-includes/query.php
* wp-includes/pluggable.php
* wp-includes/post-template.php
* wp-includes/update.php
* wp-includes/.php
* wp-includes/js/plupload/plupload.silverlight.xap
* readme.html

Those of you using the popular platform for your website should update it immediately.

Download the new version from the official website.

Read more about changes made by the update.


Written by giorgos
