Hello,
Could I please get a bit of clarification on the 3.8.5 release?
There seems to be a 3.x password weakness security issue that has been addressed in the 3.7 / 4.0 announcement from today, but it only quickly mentions that 3.8.5 doesn't have this issue.
However, the 3.8.5 announcement lists 4 template changes and some bug fixes, but it doesn't seem to list any bug fix about this password security thing.
It's specifically mentioned to be a maintenance release, and usually a security patch causes a PL release, or specifically mentioned in the full upgrade.
Does that mean it was unannounced in the 3.8.5 announcement? But actually fixed? But was decided to not mention it (which I find strange, since it is Security! related)
Or does this mean 3.8.5 users have to re-download and run upgrade.php again to fix this?
Are the plugins involved identified? Could we be informed which ones so we can disable those on the forums?
And for those who are under the 3.x license type and who's license has expired and do not have access to a free security patch; you can find an unofficial one here.
Could I please get a bit of clarification on the 3.8.5 release?
There seems to be a 3.x password weakness security issue that has been addressed in the 3.7 / 4.0 announcement from today, but it only quickly mentions that 3.8.5 doesn't have this issue.
However, the 3.8.5 announcement lists 4 template changes and some bug fixes, but it doesn't seem to list any bug fix about this password security thing.
It's specifically mentioned to be a maintenance release, and usually a security patch causes a PL release, or specifically mentioned in the full upgrade.
Does that mean it was unannounced in the 3.8.5 announcement? But actually fixed? But was decided to not mention it (which I find strange, since it is Security! related)
Or does this mean 3.8.5 users have to re-download and run upgrade.php again to fix this?
Are the plugins involved identified? Could we be informed which ones so we can disable those on the forums?
And for those who are under the 3.x license type and who's license has expired and do not have access to a free security patch; you can find an unofficial one here.
Comment