Comments on: WordPress 2.5.1 Release Fixes Several Vulnerabilities

By: DK

DK — Thu, 01 May 2008 12:48:34 +0000

I will probably wait for 2.5.2/3 before I upgrade. It really depends on the next round of fixes.

TheShadow — Wed, 30 Apr 2008 21:59:24 +0000

Do you advice upgrading from 2.3.3 to 2.5.1 ? is 2.5.1 fully secure like 2.3.3..

Chris Eng — Tue, 29 Apr 2008 01:26:49 +0000

More detailed writeup of the cookie integrity vulnerability here, for anyone interested: http://www.veracode.com/blog/?p=90

.mario — Mon, 28 Apr 2008 15:17:53 +0000

In my humble opinion the approach to use filtering and sanitation on demand will never work for fast growing web applications.

What WordPress needs the opposite approach – filter everything and exclude the values you are sure to be unable to cause trouble.

DK — Mon, 28 Apr 2008 10:55:52 +0000

Phil, should we add this to our When to Upgrade article? ;)