WordPress 2.3.3 in detail
WordPress 2.3.3 has been released and includes a number of changes including one security fix, here is a list of most of the changes in detail:
- Reversion of the change to sent the “Sender” in
wp_mail()(#5273). - Changes to the magic number detection for gettext file loading for better support of 64bit systems (#3780).
- A fix in install-helper.php so that you do not get errors when included from a plugin (#5090).
- Addition of extra capabilities checks to the xmlrpc code (#5313).
- Fixes to the naming of some query variables used for category intersections (#5788).
For a complete list of all the changes you can read this section of the branches/2.3 log.
[...] so if you haven’t updated yet take this as a friendly reminder as it includes a security fix. You can read a more detailed look at the changes over on my other blog. Comment on this [...]
Somewhere I got it that if I only replaced my XMLRPC.PHP file the security issues would be resolved. I did that but WP still reminds me that updates are available. How important is it to do the complete update?
@Charles: replacing the xmlrpc.php will have fixed the security issue yes. But the rest of your WordPress is still going to be 2.3.2 as that wasn’t the only change. The full update is not as important as it only contains the changes above but it would be recommended.
If you just want the changed files you can get them from trac by following this link: WordPress 2.3.3 changes file zip
Обновился WordPress до 2.3.3
WordPress опять обновился. Как обычно в последнее время, закрыты дырки в системе безопасности.
Прблема обнаружена в имплементации XML-RPC, с помо…
[...] modifications for WordPress, you begin to pay closer attention to the update details such as thiswhat has changed in WordPress 2.3.3 notice. Doesn’t look like any changes effect what I do. If you don’t want to upgrade [...]
[...] UPDATE: per ulteriori informazioni, invito a leggere l’articolo “WordPress 2.3.3 in detail“. [...]
new version seems like killing my DB server too often.
AND tt.term_id IN (’24′, ‘22′ 
ORDER BY tr.object_id ASC
2.3.2 did not.
Logs contain lots of records like:
[Sat Feb 09 23:12:01 2008] [error] [client 91.122.253.138] WordPress database error MySQL server has gone away for query SELECT option_value FROM wp_options WHERE option_name = ’siteurl’
[Sat Feb 09 23:12:01 2008] [error] [client 91.122.253.138] WordPress database error MySQL server has gone away for query SELECT option_value FROM wp_options WHERE option_name = ‘rich_editing’ LIMIT 1
[Sat Feb 09 23:12:01 2008] [error] [client 91.122.253.138] WordPress database error MySQL server has gone away for query SELECT tr.object_id FROM wp_term_relationships AS tr INNER JOIN wp_term_taxonomy AS tt ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy IN (’category’
etc ……..
Anyone has idea?
@dimo.su: I can’t see any change that should affect the interaction between WordPress and the database. I would try talking to you hosting company and following some of the steps in the mysql documentation about dealing with that error message
[...] Security updates keeps us busy during festive holidays again. The last one with WordPress 2.3.2 kept us occupied prior to the 2008 New Year. Today, the new WordPress 2.3.3 release happens just prior to the Lunar New Year. The major focus of this security release is to fix a flaw in the XML-RPC implementation. Other XML-RPC problems were also plugged in the previous WordPress release. Holidays or not… you should try to upgrade ASAP! More details on 2.3.3 here. [...]
I updated from 2.3.2 to 2.3.3 and now, my podcast player, PodPress 8.8, does not show in any of the podcast posts. The files still show up in the XSPF Player. I’m using K2 theme, which I have used for some time–no changes there. Any thoughts on this? Should I go back to 2.3.2 despite the security bugs?
I may have fixed this. A comment on the podPress forum, suggested turning the:
the podpress->general settings tab and the option “Before tag:” … flip it to “yes”
fixed it. The Player now shows in all the posts, even though I rarely use the tag.
@D. Brent Miller: Nothing that changes between these releases should have affected plugins. If you want to go back to 2.3.2 just make sure you use the 2.3.3 xmlrpc.php which will then give you protection against the security issue.
If you have the time it would be interesting to know which of the few files that have changed cause the plugin to stop working.
As I said above you can get a zip file of the changes files from trac. Replacing them one by one until you see the issue may help track down the change that is causing your problem. If you do this please open a ticket on trac with details and we will look into it.
[...] gasten bij WordPress zijn toch wel goed bezig vind ik eigenlijk. Ze ontdekken een probleem (of meerdere issues) en [...]
This upgrade was pretty painless - 6 files! Upgraded all my blogs in minutes.
Tanx!
[...] Minua häiritsi valtavasti tietämättömyyteni uudesta ohjelmaversiosta, joten päätin tarkistaa millaisia tietoturva-aukkoja uusi ohjelmaversio korjasi. Ylläpidon puolelta löysinkin sopivan linkin, jonka takaa etsimäni tieto oli helposti luettavissa.http://westi.wordpress.com/2008/02/08/wordpress-233-in-detail [...]
I updated my wordpress from v2.3.2 to v2.3.3 and now I’m having a 500 internal server error and sometimes a white blank page. Did anybody having a same problem like mine?
@Alvin: That maybe means you have an issue with a plugin. If you had error_reporting enabled then you would see a PHP error instead of a white page. You may have some debug info in your web servers error log file.
What has happened to the ATOM feed. I’m running 2.3.3 and have lost it. I’ve noticed that the RSS feed is employing some new features, is RSS muscling out my beloved ATOM feed? I was using it to pull in author names and profile pictures and now that I’ve had to revert to RSS my feeds look silly and my blog authors are after me. Is there a hack/patch for this issue, is this even an issue?
@Pete: There were no changed to the atom feed in 2.3.3 or the RSS feed for that matter.
Hi, I just upgraded to WordPress 2.3.3 a few minutes ago, and now I get the following error whenever I try to save an edit to a post… anybody have any ideas?
>>>>
WordPress database error: [Table 'generic3_wrdp1.wp_post2cat' doesn't exist]
SELECT cat_ID AS ID, MAX(post_modified) AS last_mod FROM `wp_posts` p LEFT JOIN `wp_post2cat` pc ON p.ID = pc.post_id LEFT JOIN `wp_categories` c ON pc.category_id = c.cat_ID WHERE post_status = ‘publish’ GROUP BY cat_ID
<<<<
Thanks a bunch,
Cary
@Cary: That is caused by a plugin you are using that has not be updated for the database changes in WordPress 2.3 the post2cat table has been removed and the category to post relationships are now stored in the taxonomy tables.
I just upgraded to 2.3 about a month ago… and then spent some time modifying the wordpress admin theme because the current one takes up too much valuable screen real-estate… I know I can back up these files, but I find it cumbersome to do a full upgrade. Is there any way with minor upgrades that you can release the specific files that were changed so that I can apply the security fixes and get rid of the “update wordpress now” warning that is again… taking up space at the top of my dashboard?
Thanks!
@Ruby: We don’t release official change file sets but if you just want the changed files you can get them from trac by following this link: WordPress 2.3.3 changes file zip - this zip file is auto generated by trac.
It would appear that wordpress 2.3.3 still has security issues. I woke up this morning to two <noscript> tags inserted into my most recent post. This is the same sort of hack I was seeing prior to 2.3.3 … is the wordpress devel team aware of this?
@Aaron: Please email security@wordpress.org with enough relavent information to investigate the issue. Web server access_logs are a good place to look first.
My blog used to display Hindi in version 2.1.3. With 2.3.3 it does not. Any ideas, fixes, suggestions to get Hindi displayed properly gratefully received. Thanks much.
@umlaut: You need to install the correct localisation files and configuration to get your blog to display in a language other than English. You can read more information on this on the WordPress codex - http://codex.wordpress.org/Localization
Thanks for the quick response Peter!
The odd thing is that Hindi is not a supported language on the link. It never was. But WP2.1.3 rendered Hindi just fine, despite WordPress not being localized to Hindi. Now it does not. Any idea which file(s) may be involved?
Another (related?) issue is the display of apostrophes and and “em” dashes - it is all messed up. Pointers to possible files I need to hack would be wonderful.
Thanks, again!
@umlaut: I take it by “rendered Hindi” you mean in post entries etc. I think you need to look at what encoding you are using in your database and you may need to add an entry to the wp-config.php file to make sure WordPress talks to the database using the same encoding - this information in the codex may be on some use - http://codex.wordpress.org/Converting_Database_Character_Sets
Thanks Peter!