Successful upgrade to WordPress 2.6.2

The latest version of WordPress was released within the past 24 hours and I have already completed a successful upgrade. No major enhancements – just a bunch of fixes and security patches to the WordPress core files. So far the upgrade appears to have gone well on this blog and without any impact to the modified K2 theme or any of the gazillion WordPress plugins that I run.

A big congratulations to the WordPress crew for making available, free of charge I might add, a reliable, stable and well supported blogging platform – thus providing us folks without anything better to do with our time the means to share our inner creative genius with the online world.

Here’s a technical spiel from the WordPress Development Labs on what 2.6.2 brings:


WordPress 2.6.2

By Ryan. Filed under Releases, Security.

Stefan Esser recently warned developers of the dangers of SQL Column Truncation and the weakness of mt_rand(). With his help we worked around these problems and are now releasing WordPress 2.6.2. If you allow open registration on your blog, you should definitely upgrade. With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password. Stefan Esser will release details of the complete attack shortly. The attack is difficult to accomplish, but its mere possibility means we recommend upgrading to 2.6.2.

Other PHP apps are susceptible to this class of attack. To protect all of your apps, grab the latest version of Suhosin. If you’ve already updated Suhosin, your existing WordPress install is already protected from the full exploit. You should still upgrade to 2.6.2 if you allow open user registration so as to prevent the possibility of passwords being randomized.

2.6.2 also contains a handful of bug fixes. Check out the full changeset and list of changed files.
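As an added example (not WordPress code and not part of the announcement above), here are two defences against the problems it names: refuse a username longer than the column rather than let the database shorten it, and draw reset passwords from a CSPRNG instead of mt_rand(). The 60-character width, the constant and the function names are assumptions made for illustration.

```php
<?php
// Added example: not WordPress code. Names and the width are assumptions.
const USERNAME_MAX = 60; // assumed width of the username column

// Return the canonical form of a requested username, or null to reject it.
function canonical_username(string $raw): ?string
{
    // Refuse over-long input up front. strlen() counts bytes, which is
    // never fewer than characters, so this errs on the strict side.
    if (strlen($raw) > USERNAME_MAX) {
        return null;
    }
    // Collapse whitespace so names differing only in spacing cannot both register.
    $name = preg_replace('/\s+/u', ' ', $raw);
    if ($name === null) { // preg_replace() returns null on invalid UTF-8
        return null;
    }
    $name = strtolower(trim($name));
    return $name === '' ? null : $name;
}

// $taken maps canonical names to true; it stands in for the users table.
function register(array &$taken, string $raw): bool
{
    $name = canonical_username($raw);
    if ($name === null || isset($taken[$name])) {
        return false;
    }
    $taken[$name] = true;
    return true;
}

// Reset passwords come from the OS CSPRNG via random_int(), not mt_rand().
function reset_password(int $length = 20): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $out;
}

// Constructed sample input: plain, trailing spaces, one byte too long.
$taken = [];
foreach (['alice', 'alice   ', str_repeat('a', USERNAME_MAX + 1)] as $candidate) {
    printf("%-8s %s\n", register($taken, $candidate) ? 'accepted' : 'rejected', json_encode($candidate));
}
printf("reset password length: %d\n", strlen(reset_password()));
```

With MySQL, a strict sql_mode such as STRICT_ALL_TABLES makes an over-long insert fail instead of being shortened silently, which backs up the application-side check.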


For those “WordPress-ies” out there curious what I have under the hood and what steps I took before they venture out and do their own upgrade:

  • My WordPress installation is hosted by Bluehost and I took advantage of their Simplescripts scripting service to perform the actual upgrade.

(I would like to take this opportunity to acknowledge the valuable product and service that Bluehost provide to the online community. Despite the negative raves that one finds in forums and comments – I have found their sales and support staff to be professional, helpful and courteous during all my encounters with them. Recently I was having CPU utilisation issues and the Bluehost staff provided me with useful guidelines to resolve this issue. Shared hosting is a difficult and challenging business to be in and I feel that Bluehost are still the best option available.)

  • This Blog is based on the K2 RC7 theme with a modified custom style sheet.
  • Goes without saying that I did the standard WP database backups and disabled all plugins before lifting a finger and also put the Blog into Maintenance Mode (see plugin below).
  • Just to be on the safe side recreated Permalinks (after upgrade)
  • And the following plugins have been activated – which basically means that they would all be compatible with 2.6.2 (touch wood)…


And what would we do without the valuable contribution by WordPress Plugin developers? A sub-genre in their own right – giving their time, energy and sweat to extend the functionality, usefulness and richness of WordPress. A special big thank you to the developers of the plugins listed below…

[active_pluginsused]


NB: Proud to say that I’m probably the first to be running 2.6.2 in this part of the world. Yeehaaah!!
