WordPress 3.1 beta 1刚发布几天,WordPress就爆出了安全漏洞。WordPress官方紧急发布了WordPress 3.0.2,在后台可以看到升级提示。

最关键的是,这个安全漏洞影响到了WordPress之前发布的所有版本的WordPress。

WordPress安全漏洞描述:

This maintenance release fixes a moderate security issue that could allow a malicious Author-level user to gain further access to the site, addresses a handful of bugs, and provides some additional security enhancements. Big thanks to Vladimir Kolesnikov for detailed and responsible disclosure of the security issue!

WordPress 3.0.2的发布主要修复一个常规的安全漏洞,这个漏洞可以让别有目的的用户获得更多的用户数据,3.0.2的发布,除了修复了这个功能,对WordPress常规的安全也做了更新,使得WordPress更加安全。

感谢Vladimir Kolesnikov为这个安全漏洞提供详细的说明。

WordPress 3.0.2 下载地址:http://wordpress.org/latest.zip

官方原文

Posted November 30, 2010 by Mark Jaquith. Filed under Releases,Security.

WordPress 3.0.2 is available and is a mandatory security update for all previous WordPress versions. Haiku has become traditional:

Fixed on day zero
One-click update makes you safe
This used to be hard

This maintenance release fixes a moderate security issue that could allow a malicious Author-level user to gain further access to the site, addresses a handful of bugs, and provides some additional security enhancements. Big thanks to Vladimir Kolesnikov for detailed and responsible disclosure of the security issue!

Download 3.0.2 or update automatically from the Dashboard > Updates menu in your site’s admin area. You should update immediately even if you do not have untrusted users.

nginx(发音同 engine x)是一款轻量级的Web 服务器/反向代理服务器及电子邮件(IMAP/POP3)代理服务器,并在一个BSD-like 协议下发行。由俄罗斯的程序设计师Igor Sysoev所开发,最初供俄国大型的入口网站及搜寻引擎Rambler(俄文:Рамблер)使用。  其特点是占有内存少,并发能力强,事实上nginx的并发能力确实在同类型的网页伺服器中表现较好.
目前中国大陆使用nginx网站用户有:新浪、网易、腾讯,另外知名的微网志Plurk也使用nginx。

Changes with nginx 0.9.0 29 Nov 2010
*) Feature: the "keepalive_disable" directive.
*) Feature: the "map" directive supports variables as value of a defined variable.
*) Feature: the "map" directive supports empty strings as value of the first parameter.
*) Feature: the "map" directive supports expressions as the first parameter.
*) Feature: nginx(8) manual page. Thanks to Sergey Osokin.
*) Feature: Linux accept4() support. Thanks to Simon Liu.
*) Workaround: elimination of Linux linker warning about "sys_errlist" and "sys_nerr"; the warning had appeared in 0.8.35.
*) Bugfix: a segmentation fault might occur in a worker process, if the "auth_basic" directive was used. Thanks to Michail Laletin.
*) Bugfix: compatibility with ngx_http_eval_module; the bug had appeared in 0.8.42.

下载地址:
WIN:http://nginx.org/download/nginx-0.9.0.zip
linux:http://nginx.org/download/nginx-0.9.0.tar.gz

QQ产品团队通过持续努力,全新推出了体验更加流畅、功能更加完善的 QQ2010 正式版 SP3.1。在此,我们诚邀您申请并下载体验最新版本,同时欢迎大家将体验感受及时反馈给我们。您反映的每个问题都会有专人跟进。让我们一同把属于你我的QQ打造成一款优秀的即时通信软件。

QQ2010 正式版 SP3.1what’s new:
1.随时清理QQ运行过程中产生的缓存文件,有效节省硬盘空间;
2.随心定制QQ界面上的内容,您的地盘您做主。

访问:QQ2010正式版 SP3.1优先体验