SecondVersion

WordPress 2.2.1 is now available. I’ll be upgrading soon, and I suggest others to do the same. Aside from the usual bug fixes, some rather important security fixes were made in this release.

WordPress 2.2.1 is now available. 2.2.1 is a bug fix release for the 2.2 series. Since 2.2 was released a month ago, the WordPress community has been improving fit-and-finish by identifying and fixing those little bugs that can be so annoying and by fine-tuning some small details. The result is a nicely polished 2.2.1 release. The full list of bugs fixed in 2.2.1 is available here. Here are some highlights.

• Atom feed validation fixes (#4274, #4307, #4381, #4382)
• XML-RPC fixes (#4314, #4329, #4315, #4469)
• Widget backward compatibility fixes (#4275)
• Widget layout fixes for IE7 (#4264, #4268)
• Page and Text Widget improvements (#4302, #4259)

Unfortunately, 2.2.1 is not just a bug fix release. Some security issues came to light during 2.2.1 development, making 2.2.1 a required upgrade. 2.2.1 addresses the following vulnerabilities:

• Remote shell injection in PHPMailer
• Remote SQL injection in XML-RPC Discovered by Alexander Concha.
• Unescaped attribute in default theme

Special thanks to Alexander Concha for his continued assistance in making WordPress more secure. Special thanks also to Daniel Jalkut of Red Sweater Software for his improvements to our XML-RPC implementation.

Wordpress.org has announced that there are now two wordpress contests running. Quoted from their blog post:

There are two contests going on in the WordPress community right now. If you’d like a chance to flex your WordPress skillz and perhaps win a prize and lifelong fame, you should consider dropping your code in the hat.

The first is the Sandbox Designs competition, which is like a theme competition, but working only with CSS and the highly semantic Sandbox theme. They already have a thousand dollars in prizes, so check it out.

Second our friends at Weblog Tools Collection are running a WordPress Plugin competition. They have a blog to track all the entries, but if you’re participating don’t forget to submit your code to the Plugin directory.

Both competitions require entries to be under the same GPL license that WordPress is, so regardless of who wins they’ll make the entire community much richer. (Remember, WordPress itself was written on the base of existing GPL code!)

Sounds cool, eh? I think I may enter into the plugin competition.

For more information:

Sandbox Designs competition

WordPress Plugin competition

I came across a neat podcast earlier today, regarding PHP and security. This podcast is by Eli White and Zend.com.

The tips & techniques mentioned in this podcast can be considered somewhat basic, and what most intermediate-advanced coders should know; but it’s still great to listen to.. especially for you beginners out there.

You can find the link below.

Description from Zend.com

HP Abstract, the new PHP centric podcast is here. Sit back, relax, and let the funky beat wash over you. While you are at it, grab a nugget of information.

Episode 1: PHP Security Tips

Special Guest: Eli White
Release Date: 06/05/2007
License: Creative Commons Attribution-Noncommercial-No Derivative Works 3.0

Eli talks to us about practical tips you can use to help make your application more secure.