Andy Crofford

WordPress 2.6.2 is out

WordPress 2.6.2

There is a new .1 release out for WordPress. Unlike 2.6.1 everyone should upgrade to 2.6.2 because this is a security release. This is especially important for folks who use open registration. Here are the details from the WordPress blog:

If you allow open registration on your blog, you should definitely upgrade. With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.

You can download WordPress 2.6.2 here.

WordPress seems to be coming out with a lot of new updates.  In the case of a security release this is a good thing but can get frustrating if you have a lot of blogs.  I use a pluging called Instant Upgrade and I highly recommend it.  It makes upgrading WordPress very painless.  So if you have a lot of blogs orhate upgrading manually you should definitely download this plug-in.

Filed Under: WordPress