[wp-hackers] Re: 2.0.10 and 2.1.3 Release Candidates
Ryan Boren
ryan at boren.nu
Fri Mar 16 22:34:59 GMT 2007
On 3/14/07, Ryan Boren <ryan at boren.nu> wrote:
> Release candidates are up for 2.0.10 and 2.1.3. These address all
> known vulnerabilities including the following:
>
> http://www.virtuax.be/advisories/Advisory4-20022007.txt
> http://secunia.com/advisories/24485/
> http://secunia.com/advisories/24430/
RC2 for both 2.0.10 and 2.1.3 is out. The following bugs are fixed:
http://trac.wordpress.org/ticket/3979
http://trac.wordpress.org/ticket/3981
Also, some more attribute_escapes were added to a few places.
http://trac.wordpress.org/changeset/5046
http://trac.wordpress.org/changeset/5050
Areas that need testing are paging (posts_nav_link,
previous_posts_link, next_posts_link), xmlrpc uploading (for 2.1),
nonce AYS confirmations, and page on front (for 2.1).
Mark and I have been auditing the code and think we have found all
places where we should attribute_escape, but we could use some more
eyeballs. Attributes that might contain user supplied content should
always receive attribute_escape treatment before being output. This
includes $pagenow and PHP_SELF. If you see any places where PHP_SELF
or $pagenow are being output, check to make sure they are being
properly escaped. These should rarely be output by WP core, and
plugins and themes should probably avoid outputting them altogether.
Also, please give wp_nonce_ays() a thorough review. This function has
been the source of many bugs.
Acunetix should run cleanly against the RCs. If you have a
vulnerability scanner handy, run it against the RCs and let us know if
something pops up.
RC2 packages are available on the release archive page.
http://wordpress.org/download/release-archive/
Here are direct links to the packages along with md5 checksums.
http://wordpress.org/wordpress-2.0.10-RC2.zip
md5sum: cb6def9ae1d30c89a104d931b8e240c4
http://wordpress.org/wordpress-2.0.10-RC2.tar.gz
md5sum: 04d32f69e6df17562f3d26d993a3f0b7
http://wordpress.org/wordpress-2.1.3-RC2.zip
md5sum: 4f95bfbe9176a423fd794c3c6f38381c
http://wordpress.org/wordpress-2.1.3-RC2.tar.gz
md5sum: 8dcbf82fbdff4f0214e1d8862e281e7e
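An added illustration of the escaping rule in the message above (this is example code written for this page, not part of Ryan's post and not WordPress core). It shows the reviewer's check side by side: PHP_SELF (and by extension $pagenow, which is derived from the request path) echoed raw into an attribute, versus the same value run through an attribute escaper first. The helper demo_attribute_escape() is an assumption standing in for WordPress' attribute_escape(); it is modelled as htmlspecialchars() with ENT_QUOTES, and the request path is a constructed sample, not a real request.

```php
<?php
// Added example, not WordPress code. Shows why PHP_SELF / $pagenow must be
// attribute-escaped before being output inside an HTML attribute.

// Stand-in for WordPress' attribute_escape(). ASSUMPTION for this example:
// it behaves like htmlspecialchars() with ENT_QUOTES, so both ' and " are
// encoded along with < and >. Check the actual WP source when reviewing.
function demo_attribute_escape(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Vulnerable pattern: $_SERVER['PHP_SELF'] reflects the request path, which
// the client controls (for example via PATH_INFO), straight into the attribute.
function form_action_unescaped(string $php_self): string {
    return '<form action="' . $php_self . '" method="post">';
}

// Hardened pattern: escape first, so quotes and angle brackets in the path
// cannot terminate the attribute value or the tag.
function form_action_escaped(string $php_self): string {
    return '<form action="' . demo_attribute_escape($php_self) . '" method="post">';
}

// Review helper: after escaping, an attribute value should contain no raw
// quote or angle bracket at all. Useful when auditing places where $pagenow
// or PHP_SELF reach the output.
function attribute_is_safe(string $attribute_value): bool {
    return strpbrk($attribute_value, "\"'<>") === false;
}

// Constructed sample path (not a real request): a benign marker containing
// the characters that close an attribute and start a new tag.
$constructed_self = '/wp-admin/edit.php/"><b>marker</b>';

// In the unescaped output the quote ends the action attribute early and the
// remainder of the path becomes markup.
echo form_action_unescaped($constructed_self), "\n";
var_dump(attribute_is_safe($constructed_self));

// In the escaped output the whole path stays inside the attribute value.
echo form_action_escaped($constructed_self), "\n";
var_dump(attribute_is_safe(demo_attribute_escape($constructed_self)));
```

When auditing a theme or plugin, the same two-line check applies to any attribute fed from $_GET, $_POST, $_SERVER or post meta: locate the echo, confirm an escaper sits between the value and the quote, and treat a raw PHP_SELF or $pagenow in output as a finding even if no payload is obvious.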