Picture of Jürgen Kreileder

Another WordPress Security Update

1.5.2 “Strayhorn” has been released today. The changelog mentions that several vulnerabilities have been fixed but — once again — the developers don’t provide any details! One has to look at the diffs to see what has been fixed.

I hate that kind of silly security by obscurity. Vague vulnerability descriptions are almost useless for administrators; just saying “we’ve fixed some security problems” is even worse!

August 15th, 2005: See this article for a reply to some comments I’ve received.

August 18th, 2005: The WordPress developers seem to have problems with release management too: There are two different 1.5.2 versions, read more in WordPress Security Annoyances.

This article by Jürgen Kreileder is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.

6 Comments


[…] I’ve got to agree with the comments over at No Wow though: “The changelog mentions that several vulnerabilities have been fixed but — once again — the developers don’t provide any details! One has to look at the diffs to see what has been fixed… I hate that kind of silly security by obscurity. Vague vulnerability are almost useless for administrators, just saying “we’ve fixed some security problems” is even worse!” […]

cyDome wrote

WordPress team conceals details about security vulnerabilities

WordPress 1.5.2 is now available. The update contains several security-relevant bug fixes. Jürgen Kreileder complains that no details about the nature of the vulnerabilities are provided:

I hate that kind of silly security by obscurity….

Changes in WordPress 1.5.2

my 2 cents…

WordPress 1.5.2

Yesterday version 1.5.2 of WordPress was released. As the weblog makes clear, no visible updates were made. Mainly, security vulnerabilities were closed. A detailed list of the changes is available in Support….

Have you seen this page in WordPress Support? There is some more information about the changes in 1.5.2.

[…] While Matt & Co are keeping mum on the exact vulnerabilities that are being fixed, they claim to be doing so because there is already at least one exploit out in the wild and they believe releasing that info will simply make it easier for more exploits to be designed. I’m going to have to agree with Duncan Riley and some others that this type of security by obscurity is not appropriate. […]