WordPress 2.8.4 Released!
A little under two weeks after the last release, WordPress has released a new version of its popular blogging platform. Version 2.8.4 is said to correct a relatively serious security issue, but I think the folks over at WordPress explain it a touch better, so you can catch their side of the story below. I do, however, encourage everyone to keep in mind that updates are released to help correct performance issues, security issues, or even just clean up previous source files to reduce overhead. In any case, these updates are released to improve upon the software platform, so there really isn’t much reason to put it off unless you have your own specific reasons.
From the WordPress Website:
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress.
http://wordpress.org/development/2009/08/2-8-4-security-release/
Remember, the longer you put it off, the higher the risk someone will discover this exploit on your own blog!