Welcome to WebmasterWorld Guest from 18.207.134.98

Forum Moderators: rogerd & travelin cat

Message Too Old, No Replies

WordPress 4.0.1 Security Release

This is a critical security release

     
8:30 pm on Nov 20, 2014 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Mar 31, 2002
posts:7577
votes: 4


WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Jouko Pynnonen. This issue does not affect version 4.0, but version 4.0.1 does address these eight security issues...


[wordpress.org...]
11:52 pm on Nov 21, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member planet13 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:June 16, 2010
posts: 3828
votes: 31


Thanks for the update.

Most of my sites I have set to update wordpress automatically, but I always wonder whether that might be a problem in itself if the plugins are incompatible with the update.
12:21 am on Nov 22, 2014 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Mar 31, 2002
posts:7577
votes: 4


If your plugins are in the WordPress repository and reasonably current then you are unlikely to see an issue. Of course YMMV with too many plugins, custom coding, etc...
1:15 am on Nov 22, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member planet13 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:June 16, 2010
posts: 3828
votes: 31


Good to know that most recent plugins will survive the automatic updates.

[edited by: lorax at 3:07 am (utc) on Nov 22, 2014]
[edit reason] snipped editing discussion [/edit]

3:54 pm on Nov 22, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 25, 2002
posts:8639
votes: 283


After my last Drupal experience, I'm basically changing everything to auto-update.

The thing is, what would you rather have

A) An update that breaks your site which, if you have a service like Pingdom active, will alert you in minutes and you can fix a 100% known and understood code problem

B) An update that you don't get to because you don't have a 24/7 IT department and sometimes you're busy and by the time you get to it, the entire server needs to be stripped down, the entire VM erased and all server config and sites rebuilt.

I'm finding option A more acceptable than I did in the past.
9:11 pm on Nov 22, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member planet13 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:June 16, 2010
posts: 3828
votes: 31


Thanks for the input, ergophobe.

Yeah, Option A does sound a bit better...
8:52 am on Dec 4, 2014 (gmt 0)

New User

joined:Dec 3, 2014
posts:9
votes: 0


Thanks for the information!
7:30 am on Dec 18, 2014 (gmt 0)

New User

joined:Dec 15, 2014
posts:3
votes: 0


Does anyone know when WP 4.1 will be released? I heard it was supposed to be 16 Dec, but it is 18 Dec already and nothing new yet.
10:15 am on Dec 18, 2014 (gmt 0)

New User

joined:Dec 10, 2014
posts:7
votes: 0


I got the notice to check my plugins to be ready with WP 4.1 so I think they will release it soon