I didn't think of it that way but you're right

WPTavern Twitter Account | Personal Blog | WordPress Weekly Podcast

Here's the security changes:
http://core.trac.wordpress.org/chang...=11719%40trunk

Short version: The comment author email was not properly escaped, so it was/is possible to put code into there which would get displayed on the page. It was not particularly *easy* to do that, mind you, but it was still possible.

Security risk: Medium. It's an XSS bug, exploiting it is difficult but can be automated. If you allow comments, you're vulnerable. It would difficult to exploit this to gain deeper access to the site, due to the limited field size.

Most likely attack: Annoyance factor. Somebody could, for example, make a comment that caused the page to redirect when displayed.

Even if you have had trouble with the autoupgrader, you could download it directly to your webhost and unzip it in place instead of downloading it to your computer, unzipping and then uploading to your webhost. That would likely be a faster option.

Looks like WPMU has been updated as well http://mu.wordpress.org/download/

Joe Taiabjee
work: b5media.com - blog: joetek.ca - twitter: @joetek

Manual upgrading is very easy and takes less then 5 minutes when I sometimes do it.

Delete the following folders and their content: wp-includes, wp-admin

Delete all loose WordPress files in the root of your install except one file: wp-config.php.

Move across new files not including folders: wp-includes, wp-admin and file wp-config-sample.php.

Go to the following link to finalize the upgrade: http://www.mysite.com//wp-admin/upgrade.php

That's it, use to do it like this all the time....

PS: Starting to like the auto-upgrade feature. Used it on about 40 sites today...

Premium WordPress Hosting

I usually just upload the whole archive and overwrite everything (I've configured FileZilla to overwrite without asking). Saves the trouble of deleting anything.

Of course that's a moot point since I always use the auto up-grader now :)

Will Anderson
It's an Anderson | Twitter | Anderson Web Solutions

Yep, they're working hard to sync WPMU updates with WP ones as the merge gets closer.

(I'm kinda excited. Can I squee in here?)

Wordpress MU Tutorials | Twitter | Personal Blog

Well auto upgrade is quite slow as well for some reason. Its not the host at its fine on other internet connections

The lord of every land, rising for them,
The Aton of the day, great of majesty.
Great Hymn of the Aton

Finally had time to auto-upgrade today. All went smoothly, as is, by now, expected.

@chip_bennett | chipbennett.net (est. 2000) | WordPress user since May, 2005 | Linux (Kubuntu) user since September, 2007
cbnet Plugins

upgrade upgrade upgrade upgrade upgrad.

Did I mention upgrade?

Most of these attacks are of very lazy admins. You can't just give up after installation.

You have to maintain your site, do your backups and so forth.