10.10.03

b2 Security Fix Available [Development] -  matt @ 07:32:36 522
Hello everyone. As some of you may be aware, a SQL injection vulnerability was reported and fixed in WordPress. As the same vulnerability effects all recent versions of b2, Michel asked me to put together a release for people who weren't ready to upgrade to WordPress yet and were still using b2. So b2 version 0.6.2.2 is available. The only change from the previous version is in blog.header.php where the vulnerable code was located. Thanks to Seth Woolley for reporting this issue responsibly. Be safe and upgrade as soon as possible.
14 comments

 

:: comments

 

kenneth - url
Probably the wrong place to do this: but you guys forgot to bump the version number in b2vars : P .
10.10.03 @ 08:26:50 560

 

epolady - email
Anyone else getting 404s when downloading either package? Even other mirror URLs lead to 404. I had this problem with WP earlier, but it looks like it's fixed now.
10.10.03 @ 11:41:16 695

 

Matt - email - url
Epolade, that's probably because the release hadn't propogated to all the Sourceforge mirrors yet.
10.10.03 @ 16:08:01 880

 

epolady
They're both working for me now, thanks again.
10.10.03 @ 23:30:29 187

 

Ben Woolley - url
Seth's URL is really http://seth.positivism.org/ or http://seth.tautology.org/ and not http://tautology.org/ which is my site. I am his brother, only hosting is email address. I made tautology.org redirect all referrers from here to seth.positivism.org.
11.10.03 @ 03:02:07 334

 

Matt - email - url
Ben, sorry for the mixup. I've updated the post with the correct link.
11.10.03 @ 03:18:23 346

 

Ben Woolley - url
Thanks, although I certainly didn't mind the link myself. : ) 
11.10.03 @ 03:30:10 354

 

name
i am still wondering how to make links in comments: is it this or this or this?
14.10.03 @ 06:25:28 476

 

jessie - email - url
Can anyone help me with my template since i'm B2-disabled?
my B2 url is http://purple-meadow.net/avada_kedavera/index.php

i'm wanted a hp layout too oo;
15.10.03 @ 03:28:19 352

 

nk - email
Why don't you create a security-newsletter, just for advisories like the mysql injection, and when new releases are available, it'll be too useful for people like me who don't have the time to watch the forum or periodically read the blog.

cheers
15.10.03 @ 13:28:41 769

 

Katie - email - url
How do you make your comments not popup and how do you get the smilies to show up in ur blogs??
17.10.03 @ 01:26:42 268

 

epolady
Katie, try a search in the forums.
17.10.03 @ 01:33:08 273

 

billy - email - url
katie, read the read me file ; ) 
17.10.03 @ 05:07:46 422

 

hyprskillz - url
hmmm... Anyone know how to move the links portion to the left? Thanks.
27.10.03 @ 07:08:30 547

 

:: leave a comment

 

name

email

url

your comment

Auto-BR (line-breaks become <br> tags)

 

:: return to the blog

[powered by b2.]

4 sp@mbots e-mail me