[wp-hackers] vuln
Mark Jaquith
mark.wordpress at txfx.net
Sun Aug 14 12:40:30 GMT 2005
Scott Merrill wrote:
> I want to construct a sticky forum post _officially_ responding to the
> issue, describing the problem, and providing as complete a solution as
> possible for users _right now_.
Support form post here:
http://wordpress.org/support/topic/41836
Latest /branches/1.5/wp-settings.php file with vulnerability fixed here
(works on top of a 1.5.1.3 install):
http://trac.wordpress.org/file/branches/1.5/wp-settings.php?rev=2779&format=raw
There are two last things I would definitely like to see make it into WP
1.5.2:
http://trac.wordpress.org/ticket/972 (adds "Save and Continue Editing"
to Page Edit screen)
http://trac.wordpress.org/ticket/1578 (adds hooks for comment
notification and moderation e-mails. Hooks++)
They both have patches.
Other than that, I think we're more than ready for a release. If
something else comes up, we can do another point release. Not the end
of the world. The feedback I've been getting from users has been along
the lines of "why isn't this fixed yet?" #wordpress has been helping
people secure their blogs, but we can't reach as many people as a dev
blog post could.
If there's more work to be done, let's identify the issues and get
people to pitch in and get it done.
--
Mark Jaquith
http://txfx.net/
MCincubus @ #wordpress
More information about the wp-hackers
mailing list