WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
Sites that support automatic background updates will be updated to WordPress 4.0.1 within the next few hours. If you are still on WordPress 3.9.2, 3.8.4, or 3.7.4, you will be updated to 3.9.3, 3.8.5, or 3.7.5 to keep everything secure. (We don’t support older versions, so please update to 4.0.1 for the latest and greatest.)
WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Jouko Pynnonen. This issue does not affect version 4.0, but version 4.0.1 does address these eight security issues:
– Three cross-site scripting issues that a contributor or author could use to compromise a site. Discovered by Jon Cave, Robert Chapin, and John Blackbourn of the WordPress security team.
– A cross-site request forgery that could be used to trick a user into changing their password.
– An issue that could lead to a denial of service when passwords are checked. Reported by Javier Nieto Arevalo and Andres Rojas Guerrero.
– Additional protections for server-side request forgery attacks when WordPress makes HTTP requests. Reported by Ben Bidner (vortfu).
– An extremely unlikely hash collision could allow a user’s account to be compromised, that also required that they haven’t logged in since 2008 (I wish I were kidding). Reported by David Anderson.
– WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address. Reported separately by Momen Bassel, Tanoy Bose, and Bojan Slavković of ManageWP.
Version 4.0.1 also fixes 23 bugs with 4.0, and we’ve made two hardening changes, including better validation of EXIF data we are extracting from uploaded photos. Reported by Chris Andrè Dale.
Download WordPress 4.0.1 or venture over to Dashboard → Updates and simply click “Update Now”.
We have a brand new layout over at C-odonoghue.com, a Colin O’Donoghue fansite, made by Gemma.
Check out the site to keep up to date on all you need to know about Colin and don’t forget to also visit our gallery where we currently have over 28’000 images. Thank you for visiting and please return to us daily. Also don’t forget to follow us on Twitter and Tumblr.
Kerry Washington Fan finally released our new more right to the Kerry Edition Layout!
I am happy to release that the new layout and it features a more inviting look with all the #scandal related headlines at top in a convenient post slider and the responsive navigation with our new offical logo below and a professional white box below featuring new photos on the left and new videos on the right and the not scandal related Kerry Washington related post on the middle and this website layout is responsive so grab your devices (Ipads, Iphones, Androids) so you can still keep updated with a fast easy to navigate site, & lets not forget a matching gallery theme.
Please go here to enjoy the new gallery look – View
Thank you and hope you enjoy the site!
The biggest and greatest fan ran A$AP Rocky fansite is back and bigger than before! The official website asaprockydaily.com and the gallery asaprockydaily.com/gallery both have brand spanking new looks!
The website will now be updated daily and the gallery has over 1000+ photos (450 HQ) and more are being added daily! Check out asaprockydaily.com for the latest news on A$AP Rocky. Make sure you visit the website!
we would like to announce that the newest version of WordPress has been released (2.8.5). The headline changes in this release include:
• a fix for the Trackback Denial-of-Service attack that is currently being seen,
• removal of areas within the code where php code in variables was evaluated,
• switched the file upload functionality to be whitelisted for all users including admins,
• retiring of the two importers of Tag data from old plugins.
We would recommend that all sites are upgraded to this new version of WordPress to ensure that you have the best available protection.
Do not forget to upgrade all your scripts, especially Coppermine, because many of you use old versions which is not a good idea at all.