NEW: Upgrade to 1.5.2

Ohh, I just realise, that the WordPress developers have silently updated the tarball with the fixed version.

Very nice action. So now some of the people that upgraded to 1.5.2 are vulnerable and some not…

ionic: the faulty archive was only up for a very short time window.

The problem was corrected and a new archive put in place before the announcement of the new version went public.

..further to mySql error … I have fixed my problem. The error (as usual) was me – I was required to edit one of the newly replaced files listed in the ‘unofficial’ upgrade suggestions – wp-settings.php … my USERONLINE script required that I modify that file, and add $wpdb->useronline = $table_prefix . 'useronline'; in there after the $wpdb->postmeta line. I did that on the first one, but not on the second – or, I thought I did on both but uploaded the new file without saving the changes first, so it was like not changing anything.

Dougal: just to clarify (since I was, for once, reasonably quick on the ball with the announcement & upgrade) ~ if I reacted to the announcement in these forums and downloaded after that time, I should be OK?

Can I verify this with time-stamps or anything? Damn, sorry to pick up on the panic… *sigh*

Dougal you are a liar.

The blog entry about WordPress 1.5.2 is from 14th. The fix was commited to the subversion tree on the 15th. After that point the tarball was silently replaced at an unknown point in time.

Actually I learned about the new version from the blog entry. So please don’t lie to the WordPress users.

I hate to be the one to say this but time for some to take a break – and preferably cut back on the coffee. This has become childish and doesn’t belong here. At least please take it backchannel so the rest of us don’t have to be exposed to it.

ionic, Dougal is correct. The hackers list all covers this, Matt said on the hackers list that the problem was fixed immediately after it was reported and the only people that would have the old package were people who may have been on IRC at the time. Now, if you have any more silly accusations, take them to the hackers list. The date of a subversion commit is nothing more than the time that it was committed.

masquerade, your post was fine… up to the end. Please edit out the inflammatory remark and let’s all move on.

masquerade… the timestamp in the tarball I have and the timestamp in the current tarball are 9 hours different.

How should that be possible if it was a very fast replaced…

And how should it be fixed before the announcement. I read the blog entry, downloaded it and then reported the bug to Matt. So I am capable of time travelling…

Ionic, you’re not the only one capable of submitting security bug reports. You didn’t time travel, someone else beat you to the punch. Please, let’s just drop it and move on.

macmanx: thats why the fix is credited to me in the subversion tree. nice try…

ionic: thanks for pointing out the issue. The information we have is that the current archives are updated with a fix, and that people who downloaded it earlier on the release date may not have had the final version.

Now please take it to blogs, or mailing lists, and whatnot; leave this forum thread alone. It is an avenue to get help with upgrading. Thanks.

To PetLvr – You may want to check your “wp-settings.php” file. Some plugins ask you to add content to that file and you may have forgotten about adding the content back into the updated file.

Added: Nevermind – I saw you figured it out….

Thanks for the changed files zip and link, Firas and podz. This upgrade went great.

Is there any language .po file changes?