Picture of Jürgen Kreileder

WordPress Security Annoyances

As if the unprofessional handling of security announcements (see Another WordPress Security Update and More on Security Announcements) wouldn’t be bad enough, the WordPress developers also seem to have problems with organizing releases.

Stefan Esser reports that there are two WordPress 1.5.2 versions. The first one, which didn’t fix the problem it was supposed to fix, was available for download for several hours before it silently was replaced by the fixed second version.

It’s hard to understand why the version number wasn’t bumped for the second release and why the WordPress developers didn’t inform users about the mistake.

The comments from the WordPress crowd are a bit weak in my opinion. If there’s FUD about WordPress’ security it’s the sole fault of the WordPress developers!

This article Jürgen Kreileder is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.


Stay in touch with the conversation, subscribe to the RSS feed for comments on this post. Both comments and pings are currently closed.

cyDome wrote

WordPress 1.5.2 wurde stillschweigend ausgetauscht

Scheinbar wurde die aktuelle Version 1.5.2 von WordPress heimlich durch eine fehlerbereinigte Version ersetzt. Jürgen Kreileder weist in einem Kommentar darauf hin. (Besten Dank!) Offenbar enthielt das ursprüngliche Update noch eine Sicherheitslück…

Bill White said

I ran this through a translation routine, then translated fehlerbereinigte to fly-by-night based on similarity to English. I think Sicherheitslück means “security risk”.

Apparently the current version 1.5.2 of WordPress was replaced secretly by a fly-by-night version. Jürgen Kreileder refers in a commentary on that. (Many thanks!) Obviously the original Update contained another Sicherheitslück… (probablyt “security risk”).

“Security risk” for “Sicherheitslücke” (the last ‘e’ got cut off in the comment) is OK. “Security problem” or “vulnerability” might be a bit better in this context.

“Fehlerbereinigt” means that bugs have been fixed, ie. “fehlerbereinigte Version” means “fixed version”.