WordPress 2.8.2 has been released just 11 days after WordPress 2.8.1. Today’s entry on the official WordPress blog warns us of an “XSS vulnerability” that could cause comment author URLs to be exploited to redirect you away from the admin to another site.
For those new to the term, XSS (Cross-site scripting) “is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy”. (from Wikipedia)
If you are upgrading your WordPress installation, make sure you make a backup of your blog. Easiest way I know to back up your WordPress blog is to to to Tools » Export in your dashboard. This creates an XML file that you can use to restore your blog if anything goes wrong.
For the last few revisions, I have been using the auto-upgrade feature of WordPress (Tools » Upgrade) For me the upgrade to 2.8.1 last week did not go as well as today’s upgrade did. When I upgraded to 2.8.1, although the blog seemed to work fine, I got errors while doing various admin tasks. I downloaded WordPress 2.8.1 and overwrote the auto-upgrade version on my server. That fixed the problem.
[...] forget to backup your data. I am still looking for an easier way to take a backup. As I said in my last “upgrade” post, the easiest way I know to back up your WordPress blog is to go to Tools » Export in your [...]