kn007的个人博客
♥ You are here: Home > > > 更新到WordPress 4.1.2

更新到WordPress 4.1.2

by | 27 Comments

wordpress-4.1.2

看到标题,就可以知道这是水文。据说修补了安全漏洞,官方说明:

  • A serious critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.
  • Files with invalid or unsafe names could be upload.
  • Some plugins are vulnerable to an SQL injection attack.
  • A very limited cross-site scripting vulnerability could be used as part of a social engineering attack.
  • Four hardening changes, including better validation of post titles within the Dashboard.

如上所说,我觉得挺有必要更新的。

选择Wordpress的原因还是因为它频繁的更新,保证安全和不与时代脱节。

不过又想到个问题,纯静态的话,貌似就不会太大的漏洞。不过评论要第三方,或自己动态化。。。麻烦。还是不要想太多了。

找时间,想把PHP更新到5.6先。

转载请注明转自:kn007的个人博客的《更新到WordPress 4.1.2

donate
有所帮助?

Comments

27 Comments立即评论
Loading...
  1. 回复

    还在3.9系,耐得更新了。

    1. MOD回复

      @YueTeam: 4.0之前貌似有个大漏洞,可以直接提权获得权限。建议还是更新吧

    2. 回复

      @kn007: 更新了小版本,3.9.5

    3. MOD回复

icon_wink.gificon_neutral.gificon_mad.gificon_twisted.gificon_smile.gificon_eek.gificon_sad.gificon_rolleyes.gificon_razz.gificon_redface.gificon_surprised.gificon_mrgreen.gificon_lol.gificon_idea.gificon_biggrin.gificon_evil.gificon_cry.gificon_cool.gificon_arrow.gificon_confused.gificon_question.gificon_exclaim.gif