wp2.3.2 vs. wpmu 1.3 (2.3.1) vulnerability and upgrading (3 posts)

  1. tcraver
    Member
    Posted 16 years ago #

    Abel Cheung's character set SQL injection vulnerability is 9 days old. I've been reading through these forums but can't find anything on it.

    Is 1.3 MU affected by it, and how would one upgrade to fix it? The latest.zip file still shows $wp_version at 2.3.1.

    Also, all the docs I've seen about upgrading are for 1.2.x to 1.3. Does the "Upgrade Site" script in the Site Admin menu auto-grab new versions? Or should a new latest.zip be downloaded and put in a specific directory?

    TIA.

  2. andrea_r
    Moderator
    Posted 16 years ago #

    "Does the "Upgrade Site" script in the Site Admin menu auto-grab new versions?"

    No. It upgrades individual blogs in chunks *after* you've grabbed new files. It just goes through and makes any needed db changes (if there are any).

    Check the Trac to see if that latest one has been fixed.
    http://trac.mu.wordpress.org/

    The latest download on the download page is the latest official release. That hasn't been updated in a while.

  3. xknown
    Member
    Posted 16 years ago #

    "Abel Cheung's character set SQL injection vulnerability is 9 days old. I've been reading through these forums but can't find anything on it.

    Is 1.3 MU affected by it, and how would one upgrade to fix it? The latest.zip file still shows $wp_version at 2.3.1."

    As far as I know, there isn't a fix for this vulnerability but you shouldn't worry about it if you are not using GBK or Big5 as your database encoding.
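
Why the database encoding matters here, as an added example that is not part of the thread or of WordPress MU's code: it assumes the reported issue is the well-known multi-byte escaping problem, where GBK and Big5 accept byte 0x5C (the ASCII backslash) as the second byte of a two-byte character. The function names and the sample input are constructed for illustration.

```python
# Added example: check whether a charset can absorb the backslash that
# charset-unaware (byte-wise) escaping inserts in front of a quote.

def absorbing_lead_bytes(codec):
    """Lead bytes L for which L + 0x5C decodes as ONE character in codec."""
    hits = []
    for lead in range(0x80, 0x100):
        try:
            text = bytes([lead, 0x5C]).decode(codec)
        except UnicodeDecodeError:
            continue  # not a valid sequence in this charset
        if len(text) == 1:
            hits.append(lead)
    return hits

def bytewise_escape(raw):
    """addslashes-style escaping: prefix ' " and \\ with a backslash byte."""
    out = bytearray()
    for b in raw:
        if b in b"'\"\\":
            out.append(0x5C)
        out.append(b)
    return bytes(out)

def escaping_holds(raw, codec):
    """True if every quote is still escaped once the escaped bytes are
    interpreted in codec, as a database using that charset would do."""
    text = bytewise_escape(raw).decode(codec, errors="replace")
    i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 2          # backslash consumes the character after it
            continue
        if text[i] in "'\"":
            return False    # a quote reached the parser unescaped
        i += 1
    return True

if __name__ == "__main__":
    sample = b"\xbf'"  # constructed input: a high byte followed by a quote
    for codec in ("gbk", "big5", "utf-8", "latin-1"):
        n = len(absorbing_lead_bytes(codec))
        state = "holds" if escaping_holds(sample, codec) else "BROKEN"
        print(f"{codec:8} absorbing lead bytes: {n:3}  byte-wise escaping: {state}")
```

A site whose database charset reports no absorbing lead bytes is outside the condition described in the last post; for GBK or Big5, escaping has to be charset-aware or the query parameterized.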
