WordPress 2.3.3发布+原文翻译

WordPress 2.3.3 is an urgent security release. A flaw was found in our XML-RPC implementation such that a specially crafted request would allow any valid user to edit posts of any other user on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can get the entire release here.

Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an update is available.

Since we are talking security, remember to use strong passwords and change them regularly.  While you’re updating WP and your plugins, consider refreshing your passwords.

WordPress 2.3.3是一个紧急的安全更新版本。发现在xml-prc执行时有一个缺陷:一个特定的请求会导致任何有效的用户在这个博客上修改其他任何用户发表的日志。除了修正这个错误外,2.3.3还修复了一些细小的bug。如果你仅仅对xml-prc的安全问题感兴趣,只需下载修正好的xmlrpc.php然后覆盖掉原来的xmlrpc.php。否则的话你可以在这里下载完整的版本。



Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.