A security update for WordPress was released on February 15, 2010. Version 2.9.2 fixes a security vulnerability for WordPress versions 2.9 and 2.9.1.
Why do I need to upgrade WordPress?
On December 18, 2009, WordPress released Version 2.9 (Carmen). In this version, some great new features were added. One of them was the Global undo/Trash feature. This is great because if you accidentally delete a post, page or comment, you can easily restore it. It basically serves as a trashcan, kind of like the trashcan on your computer. This feature can be disabled, but it's activated by default on all WordPress versions above 2.9.
Unfortunately, a bug was found in the “trash” feature. Every user who can log in, including those with just a subscriber role, can access all the posts, pages and comments you've moved into “trash.”
According to WordPress, Thomas Mackenzie alerted them to the bug. WordPress.org suggests that if you have non-trusted users signed up on your blog and sensitive posts in the trash, you should upgrade to 2.9.2. This obviously won't affect you unless you have more than one user registered at your site. You can read more about this upgrade at WordPress.org.
According to many posts that I've read, this was reported by several users over the past few months. I know it's a pain to go in and upgrade our sites, but I'm thankful to the developers of WordPress for making these updates available to us.
No matter how many registered users you have on your WordPress blog, I always suggest that you upgrade to the latest stable version. To update, just log in to your wp-admin section and go to Tools > Upgrade. Click here for upgrade instructions.
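If you look after more than one blog, a quick check of each install's version file shows which ones still run an affected release. The script below is an added example, not WordPress's own tooling; it assumes the release string is stored as `$wp_version` in `wp-includes/version.php`, and the function names and demo directories are made up for illustration.

```shell
#!/bin/sh
# Added example: flag WordPress installs running 2.9 or 2.9.1,
# the releases this post names as affected by the trash bug.
# Assumption: wp-includes/version.php has a line like  $wp_version = '2.9.1';

# Print the version string of the install rooted at $1 (fails if unreadable).
wp_version() {
    f="$1/wp-includes/version.php"
    [ -r "$f" ] || return 1
    sed -n "s/^[[:space:]]*\\\$wp_version[[:space:]]*=[[:space:]]*['\"]\\([^'\"]*\\)['\"].*/\\1/p" "$f" | head -n 1
}

# Print: affected | not-listed | unknown
trash_bug_status() {
    v=$(wp_version "$1") || { echo unknown; return 0; }
    case "$v" in
        2.9|2.9.1) echo affected ;;      # upgrade to 2.9.2
        '')        echo unknown ;;       # file present but no version found
        *)         echo not-listed ;;    # not one of the releases named above
    esac
}

# One tab-separated line per install: path, version, status.
scan_installs() {
    for root in "$@"; do
        printf '%s\t%s\t%s\n' "$root" \
            "$(wp_version "$root" 2>/dev/null)" "$(trash_bug_status "$root")"
    done
}

# Demo on constructed fixtures (not real sites).
demo() {
    d=$(mktemp -d) || return 1
    for ver in 2.8.6 2.9 2.9.1 2.9.2; do
        mkdir -p "$d/site-$ver/wp-includes"
        printf "<?php\n\$wp_version = '%s';\n" "$ver" \
            > "$d/site-$ver/wp-includes/version.php"
    done
    mkdir -p "$d/not-wordpress"
    scan_installs "$d"/*
    rm -rf "$d"
}
demo
```

To use it on a real server, call `scan_installs` with the document roots of your blogs instead of running `demo`.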
When will I have to upgrade WordPress again?
Unless there's a known security vulnerability with the latest stable version, WordPress has adopted a regular release schedule every three or four months, with features primarily driven by ideas voted on by users. Here are the next planned releases:
- WordPress Version 3.0 – April, 2010
- WordPress Version 3.1 – August, 2010
- WordPress Version 3.2 – November, 2010
Does WordPress 2.9.2 install okay?
I have tested the WordPress 2.9.2 upgrade, both automatically and manually, and it seems to be working fine.
Let me know if you've experienced any problems with upgrading to this version. Leave me a comment below.