I don't even use WordPress, but since no one else has mentioned it, I thought I ought to. The upgrades (2.2.2 and 2.0.1.1), which contain security and bug fixes, came out yesterday (http://wordpress.org/development/2007/08/wordpress-222-and-2011/).

Do you all normally keep track of stuff of like this? If everyone does, and this post is just piddling in the wind, let me know.

i do. i updated it 20 - 22 hours ago. :D

when i saw the news it was only a few hours after it's announcement.

yeah, I've got like 5 blogs to up date :S..it's on my todo list!

I knew it was released but have I updated, hahaha, not yet, I really need to get more timely at doing this.

...I really need to get more timely at doing this.

It's hard though because while its great software it seems like there is an update every week lately.

I hear that someone had created a plug in to automate WP updates. Has anyone else heard about this?

edit: I think John Chow mentioned it.

WordPress Automatic Upgrade Plugin (http://techie-buzz.com/wordpress-plugins/wordpress-automatic-upgrade-plugin-update.html)

It's hard though because while its great software it seems like there is an update every week lately.My fear is screwing something up. I am a huge proponent of if it ain't broke, don't fix it. :)

Though I agree they do release alot of updates, and here lately each one seems to require some special care in order to do it, or some features are changed and my old template tags do not work anymore. I say alot, not really alot but a few times this has happened.

I know the feeling, I had major issues with one of the last updates where my blogroll/links were not displaying correctly. I spent almost a week trying to accomplish what I had done prior to the update to no avail and had to hard code a few links in. It are those little things that really make me reluctant to upgrade, I don't have the time to figure out what goes wrong.

Thankfully this latest update seems relatively minor and as they put it, shouldn't affect any plugins or anything unless you possibly modified the core code.

My fear is screwing something up. I am a huge proponent of if it ain't broke, don't fix it. :)

haha. unfortunately this doesn't apply to some stuff, like software. :) you have to fix it, before it breaks, or more like got broken in.

WordPress Automatic Upgrade Plugin (http://techie-buzz.com/wordpress-plugins/wordpress-automatic-upgrade-plugin-update.html)

I am a little hesitant to use the plugin since it's so new. I'll let it break everyone else's blog, let them fix it, and then I'll use it when it's working!

I tried out that automatic update plugin and it worked for me greatly. It backs everything up before it updates.

The only thing I don't like around it is that you can't abort the procedure. Once you start the update, there is no way back.

Another reason for me to avoid it right now. Especially given that I'm using WordPress as a content management system and not a blog. :)

I tried the automatic upgrade on one of my blogs and it failed. So i am doing it by hand now.

Eek! Just found this: security alert (http://www.clazh.com/security-alert-wordpress-competition-winning-plugins-vulnerable/)

Well, I'm glad mine failed.

Me, too. 'Cause I would feel all responsible and shiznit.

Me, too. 'Cause I would feel all responsible and shiznit.

Hey Sam,

Would you mind giving a summery of the the vulnerability? The site you referenced is down with an internal server error. I've been working closely with Keith and if there is a problem then he needs to know about. I've been using this plugin successfully for a month now and helped troubleshoot a couple of bugs with it early on.

Thanks

The site's back up, Kirk, but I'll go ahead and summarize.

According to Clazh (http://www.clazh.com/security-alert-wordpress-competition-winning-plugins-vulnerable/), the Automatic Upgrade Plug-in allows unathorized users to generate and unload archives and backups, to update WP, and to turn plug-ins on and off.

It also says that the author has been notified.

Thanks Sam,

WAUP has since been updated. I haven't encountered any problem functionally using this to upgrade my site. Any problem encountered is usually a problem with certain host's clamping down on permissions and such. I still highly recommend it.

It might be of interest to know the original author of this "security alert" that Clazh quoted from (originally written in Spanish) never posted any further details about his findings like his testing platform, how he found out, what steps he took etc, nor did he even bother to first email the plugin authors about his findings before he published the post which is a major don't in this business.

Anyway, I appreciate you letting us know. I've emailed Anirudh, the plugin author of the OneClick plugin that I also use about this.