WordPress 2.3.3 Security Release

WordPress version 2.3.3 has been released. This release, like the previous one, addresses an urgent security vulnerability that was found in the WordPress XML-RPC implementation. The flaw could allow any valid user on your blog to edit posts made by other users on your blog.

WordPress 2.3.3 also fixes some other minor bugs. If you don’t care about those minor bug fixes and just want to patch your blog against the XML-RPC vulnerability, you can download a fixed copy of xmlrpc.php and copy it to your WordPress installation directory, replacing the existing xmlrpc.php file.

You’re probably better off just downloading WordPress 2.3.3 and doing the full upgrade.

WordPress 2.3.2 Urgent Security Release

The WordPress folks have released WordPress 2.3.2, describing it as an urgent security release. This latest version fixes a bug that can be exploited to display your draft posts. Some changes have also been made to prevent certain error messages from giving away more information about your database than they need to. I would strongly advise that WordPress users install 2.3.2 ASAP.

WordPress 2.3.2 includes a new feature to allow you to customize the error page that’s displayed when WordPress can’t connect to your database. You can see the full list of changes between 2.3.1 and 2.3.2, you can also see which bugs are fixed in WordPress 2.3.2.

Head over to the 2.3.2 announcement post on the Dev Blog for the full story on WordPress 2.3.2. If you don’t care about any of that, you can just head straight to the download.

WordPress 2.2 Adds Tags

The NeoSmart Files noticed the addition of native tagging support to WordPress 2.2 in the SVN repository. What’s this mean for WordPress bloggers? Not much really, other than the fact you’ll no longer have to use a third-party plugin for tagging your posts or pages.

This is great for WordPress, tagging is something I expected to see with the release of 2.0, but that didn’t happen. Tags are something bloggers really want, native tags will just make WordPress an even more attractive blogging platform.

I’m going to have trouble leaving the Ultimate Tag Warrior plugin behind in favor of the new tagging system in WordPress 2.2. Ultimate Tag Warrior has been so nice to work with and is pretty much the de facto WordPress plugin for tags. Ultimate Tag Warrior has some features not found in the tag system native to WordPress 2.2, such as tag suggestions. Also, Ultimate Tag Warrior allows you to apply tags you’ve used previously to a post via a select form, something not found in WordPress 2.2 tags. Hopefully the WordPress team has those features planned for inclusion at some point.

Anyway, head over to The NeoSmart Files for more, they have a screenshot comparing Ultimate Tag Warrior to native tags in WordPress 2.2.