Dropbear

Tag: WordPress

  • WordPress 4.3 getting slow you might need an update

    I recently received Debian bug report #798350 where the user had a problem with wordpress. After upgrading to version 4.3, the webservers performance degrades over time.  The problem is also reported at the wordpress site with bug WordPress ticket 33423 including the fix.

    I have backported the relevant changeset and uploaded Debian wordpress package 4.3+dfsg-2 which only contains this changeset.  For a lot of people, including myself, you probably won’t hit this bug but if it impacts you, then try this update.

  • Debian, WordPress and Multi-site

    For quite some time, the Debian version of WordPress has had a configuration tweak that made it possible to run multiple websites on the same server. This came from a while ago when multi-site wasn’t available. While a useful feature, it does make the initial setup of WordPress for simple sites more complicated.

    I’m looking at changing the Debian package slightly so that for a single-site use it Just Works. I have also looked into the way WordPress handles the content, especially themes and plugins, to see if there is a way of updating them through the website itself. This probably won’t suit everyone but I think its a better default.

    (more…)

  • WordPress 4.1 for Debian

    Release 4.1 of WordPress came out on Friday so after some work to fit in with the Debian standards, the Debian package 4.1-1 of WordPress will be uploaded shortly.  WordPress have also updated their themes with a 14-day early theme called twentyfifteen.  This is the default theme for WordPress 4.1 on-wards.

    (more…)

  • WordPress 4.0.1 fixes for Debian stable

    Previously I posted a short article about the WordPress package for Debian and how that SID was getting the updated WordPress 4.0.1 which had some security fixes.

    The question a lot of people were asking was: What about stable (or Wheezy).  After way too much time due to other pressing issues, I have just uploaded the patched WordPress debian package for stable.  The fixed version has the catchy number of 3.6.1~deb7u5.  This package has all of the relevant patches that went in from WordPress 3.7.4 to 3.7.5 and there are even CVE IDs for this package (and 4.0.1 which all this stems from).

    (more…)

  • WordPress 4.0.1 for Debian

    WordPress recently released an update that had multiple security patches for their (then) current version 4.0. This release is 4.0.1 and includes important security fixes.  The Debian packages got just uploaded, if you are running the Debian packaged wordpress, you should update to 4.0.1+dfsg-1 or later.

    I am going to look at these patches and see if they can and need to be backported to wordpress 3.6.1. Unfortunately I believe they will be. I’m also asking it to be unblocked into Jessie as it is a security fix.

    There was, at the time of writing, no CVE numbers.

  • WordPress 4.0 for Debian

    Yesterday WordPress released version 4.0 or “Benny” of WordPress. I have now downloaded it and packed up for Debian users. The files just hit the ftp-master a few minutes ago and will then be distributed out to the various Debian mirrors.

    The upgrade should go smoothly but you will probably need to upgrade the twentytwelve/twentyfourteen themes if you have them installed. It seems release 4.0 they also updated these themes.

    My next Debian task for wordpress is to re-examine the permissions and locations of wp-content to see if we can have something that permits online updates of the plugins and themes but is still FHS compliant. I’ve also had some people report they have some installation problems, mainly around configuration and directories so let’s see if that can get fixed too.

     

    Related articles

  • WordPress 3.9.2 for Debian

    WordPress released today a security release 3.9.2 which they fix several security issues, including a denial of service issue around XML.  The corresponding Debian package 3.9.2+dfsg-1 is currently being uploaded to the Debian ftp-master server as I write this and should be available on the mirrors soon.

    Unfortunately at the time of writing, there are no CVE identifiers to match these problems up with, but refer to the wordpress page for details about these bugs.

    Andrew Nacin from WordPress has kindly outlined what versions are susceptible and it looks like the Debian squeeze (3.6.1+dfsg-1~deb6u4)  and wheezy (3.6.1+dfsg-1~deb7u3) are vulnerable to at least some of these bugs which means for me its patch reading and back-porting time

     

    Related articles

  • WordPress 3.9.1

    The Debian package of WordPress version 3.9.1 was uploaded to the ftp master recently.  While the update was pretty simple, the upload took a lot more doing. I’m not sure why the Debian ftp-master server didn’t like me, but it was so slow. Strangely, even dcut uploads were slow and they are only a few lines of text.

    Apologies for the delay too, I’m not sure why I didn’t notice the update from 3.9 to 3.9.1 but there you go.

    The other change is that the package uses the system CA certificates rather than the ones pre-shipped with wordpress. This is done so that if the administrator makes decisions on what certificates to trust, then the wordpress client http libraries will follow that decision.

  • WordPress update needed for stable too

    Yesterday I mentioned that wordpress had an important security update to 3.8.2  The particular security bugs also impact the stable Debian version of wordpress, so those patches have been backported.  I’ve uploaded the changes to the security team so hopefully there will new package soon.

    The version you are looking for will be 3.6.1+dfsg-1~deb7u2 and will be on the Debian security mirrors.

    Enhanced by Zemanta

  • Important WordPress update

    WordPress 3.8.2 was released yesterday which contains some important security fixes. This is an important security release and the Debian packages were uploaded to the ftp-master a few minutes ago.

    Besides fixing Debian Bug #744018, the release fixes the following two vulnerabilities (as mentioned in the bug report):

    • CVE-2014-0165 WordPress privilege escalation: prevent contributors from publishing posts
    • CVE-2014-0166 WordPress potential authentication cookie forgery

    I recommend if you use the Debian package to upgrade as soon as it is available.

     

    Related articles
    Enhanced by Zemanta