The Edgar's Corner

Version 2.5.1 of WordPress is now available. It includes a number of bug fixes, performance enhancements, and one very important security fix. We recommend everyone update Immediately, Particularly if your blog Has open registration. The vulnerability is not public But it Will Be shortly.

In addition to the security fix, 2.5.1 contains many bug fixes. , and wp-admin/media.php . If you are interested only in the security fixes, You Can Download These corrected copies of wp-includes/pluggable.php , wp-admin/includes/media.php , and wp-admin/media.php . Replace your existing copies of These These files with new copies.

If you download The entire 2.5.1 release, You Will Be getting over 70 other fixes . 2.5.1 Focus on fixing the most annoying bugs and Improving Performance. Here are some highlights:

• Performance Improvements for the Dashboard, Write Post, and Edit Comments pages.
• Better performance for Those Who Have many categories
• Media Uploader fixes
• An upgrade to TinyMCE 3.0.7
• Widget Administration fixes
• Various usability Improvements
• Layout fixes for IE

Secret lives of blogs

which basically is meant to introduce a little permanent randomness into the cryptographic functions used for cookies in WordPress. Since 2.5 your wp-config.php file Allows a new constant called SECRET_KEY Basically Which Is Meant To Introduce a little permanent randomness into the cryptographic functions Used for cookies in WordPress. Can you visit this link we get to set up a unique secret key for your config file. (It's unique and random on Every page load.) HAVING this line in your config file helps secure your blog.

Many thanks to Steven Murdoch for Responsibly reporting the security issue (CVE-2008-1930) and Alex Concha for reporting an XSS issue.