[wp-hackers] fixes for old versions

Jess Planck jess at funroe.net
Thu Jan 7 17:49:10 UTC 2010


Technically you might be right. I don't think any security issue has been reported.

I used to have a bookmark for a decent vulnerability reporting site, but right now I can only find:

http://www.us-cert.gov/cas/techalerts/

I know others can probably throw some better alert URLs up. Chances are if something shows up on one of those reporting sites it won't be long before it's in a script-kiddie package somewhere. I got hit once within 24 hours of the vulnerability report. Of course these days you can get mugged in church on Sunday, so security is tenuous. We've even used Nessus before, but that window to get the fix out there is getting shorter and shorter.

Jess

On Jan 7, 2010, at 11:27 AM, Steve Taylor wrote:

> Am I right in thinking that 2.9 and 2.9.1 haven't needed to address
> any security issues, so until 2.9.x is released to address security,
> the latest "security release", 2.8.6 is still safe?



More information about the wp-hackers mailing list