Well, WordPress just released version 2.2 with a bunch of new stuff. I’ve upgraded the blog, and things seem to work so far — even on PHP5! They also included my workaround for the RPC bug in PHP 5.2.2.

I also upgraded the comments preview plugin, which now uses the actual post+comment page to show you the preview instead of showing a page that’s almost the same, but sorted in reverse.

At some point I need to test current versions of WP-Cache again, and see if WordPress’ internal cache works with PHP5 yet. And maybe it’s time to try a new theme. I’ve been tweaking this one pretty much since WP 2.0 came out.

Since upgrading to WordPress 2.1.3 a few days ago, I’ve noticed tags disappearing on some of my posts. I currently use Bunny’s Technorati Tags, which stores them in custom fields.

It turns out there’s been a known problem since WordPress 2.1 was released two months ago. Some plugin hooks have changed, and plugins that used to only get called during post editing are also getting called during comment publishing. I grabbed an updated version of the plugin, and it seems okay now.

Oddly, most (but not all) tags survived unscathed during the two months running earlier 2.1 releases. It’s only since moving to 2.1.3 that it’s been consistent. Oh, well, at least it prompted me to find the fix.

Sometime in the last 3-4 days, someone managed to alter the download for WordPress 2.1.1, adding a remotely exploitable security hole. The WordPress team has declared the release “dangerous” and has issued an update, WordPress 2.1.2, taken from the clean source plus a few fixes. If you run WordPress 2.1.1, upgrade ASAP!

Things worth noting:

  • The SVN source that the developers use was not altered.
  • Older versions, such as 2.0, don’t seem to have been affected.
  • If you downloaded 2.1.1 when it was first released, it’s probably okay.
  • 2.1.2 also includes a fix for a cross-site scripting vulnerability discovered a few days ago, so it’s worth updating anyway.

I still had the tar archive of 2.1.1 from when I grabbed it the day of the release, so I compared its contents to the 2.1.2 archive. The two files mentioned in the announcement, feed.php and theme.php, aren’t any different, confirming that the initial release was unaffected. That’s also where I saw the changes for that XSS bug.

*sigh* It’s always something…