Posts in category: Open Source Code

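WordPress 3.1 beta 1 had been out for only a few days when a security vulnerability was reported in WordPress. The WordPress team urgently released WordPress 3.0.2, and an upgrade notice now appears in the admin dashboard.

Most importantly, this vulnerability affects every previously released version of WordPress.

WordPress security vulnerability description: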

This maintenance release fixes a moderate security issue that could allow a malicious Author-level user to gain further access to the site, addresses a handful of bugs, and provides some additional security enhancements. Big thanks to Vladimir Kolesnikov for detailed and responsible disclosure of the security issue!

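The WordPress 3.0.2 release mainly fixes a moderate security vulnerability that could let a user with ulterior motives obtain more user data. Besides fixing this issue, the 3.0.2 release also updates WordPress's general security, making WordPress more secure.

Thanks to Vladimir Kolesnikov for providing a detailed description of this vulnerability.

WordPress 3.0.2 download: http://wordpress.org/latest.zip

Official announcement (original text)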

Posted November 30, 2010 by Mark Jaquith. Filed under Releases, Security.

WordPress 3.0.2 is available and is a mandatory security update for all previous WordPress versions. Haiku has become traditional:

Fixed on day zero
One-click update makes you safe
This used to be hard

This maintenance release fixes a moderate security issue that could allow a malicious Author-level user to gain further access to the site, addresses a handful of bugs, and provides some additional security enhancements. Big thanks to Vladimir Kolesnikov for detailed and responsible disclosure of the security issue!

Download 3.0.2 or update automatically from the Dashboard > Updates menu in your site’s admin area. You should update immediately even if you do not have untrusted users.

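nginx (pronounced "engine x") is a lightweight web server / reverse proxy server and e-mail (IMAP/POP3) proxy server, released under a BSD-like license. It was developed by the Russian programmer Igor Sysoev, originally for Rambler (Russian: Рамблер), a large Russian portal and search engine. Its hallmarks are a small memory footprint and strong concurrency; in fact, nginx's concurrency does compare well with other web servers of the same type.
Sites in mainland China that currently use nginx include Sina, NetEase and Tencent; the well-known microblogging service Plurk also uses nginx.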

Changes with nginx 0.9.0 29 Nov 2010
*) Feature: the "keepalive_disable" directive.
*) Feature: the "map" directive supports variables as value of a defined variable.
*) Feature: the "map" directive supports empty strings as value of the first parameter.
*) Feature: the "map" directive supports expressions as the first parameter.
*) Feature: nginx(8) manual page. Thanks to Sergey Osokin.
*) Feature: Linux accept4() support. Thanks to Simon Liu.
*) Workaround: elimination of Linux linker warning about "sys_errlist" and "sys_nerr"; the warning had appeared in 0.8.35.
*) Bugfix: a segmentation fault might occur in a worker process, if the "auth_basic" directive was used. Thanks to Michail Laletin.
*) Bugfix: compatibility with ngx_http_eval_module; the bug had appeared in 0.8.42.

Download:
Windows: http://nginx.org/download/nginx-0.9.0.zip
Linux: http://nginx.org/download/nginx-0.9.0.tar.gz

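The final release of PostgreSQL 9.0 came out on September 20, bringing a series of new features including hot standby and in-place upgrade. Now that MySQL belongs to Oracle, PostgreSQL gives us another choice: it does not belong to any commercial organization and is fully open source. It uses a BSD software license, so the software can be used very freely. New features in PostgreSQL 9.0 include:

Easier database permission management
Greatly improved support for stored procedures
Full support for 64-bit Windows
Hot standby, streaming replication, and in-place upgrade
64-bit Windows builds provided

Release announcement: http://www.postgresql.org/about/news.1235
New features: http://www.postgresql.org/docs/9.0/static/release-9-0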

Changes with nginx 0.8.50                                        02 Sep 2010

*) Feature: the "secure_link", "secure_link_md5", and
"secure_link_expires" directives of the ngx_http_secure_link_module.

*) Feature: the -q switch.
Thanks to Gena Makhomed.

*) Bugfix: worker processes may got caught in an endless loop during
reconfiguration, if a caching was used; the bug had appeared in
0.8.48.

*) Bugfix: in the "gzip_disable" directive.
Thanks to Derrick Petzold.

*) Bugfix: nginx/Windows could not send stop, quit, reopen, and reload
signals to a process run in other session.

Download:
Windows: http://nginx.org/download/nginx-0.8.50.zip
Linux: http://nginx.org/download/nginx-0.8.50.tar.gz