Stay Secure, Upgrade WordPress
October 24th, 2008 by David Bradley >> 4 Comments
A minor security vulnerability has been discovered in the Snoopy library using to fetch the newsfeeds displayed in your WordPress Dashboard. Version 2.6.3 of WordPress is now available to download, but you don’t have to go through the rigmarole of a full upgrade, nor is there any need to run WordPress Automatic Upgrade if your current version is 2.6.2.
Simply download the following three files, rename the originals on your server with .bak as an extension and then copy (FTP) these version 2.6.3 files to your installation and you’re done. NB First two are in wp-includes, third is in wp-admin/includes. Two different folders.
1. wp-includes/class-snoopy.php
2. wp-includes/version.php
3. wp-admin/includes/media.php
"Deceived Wisdom: Why What You Thought Was Right Is Wrong" from David Bradley. Available now on 
Leave a comment ↓
Kim Woodbridge // Oct 24, 2008 at 9:07 pm
Ahh … great minds post on the same thing on the same day. According to Joost, there is a 3rd file that should be upgraded as well. http://yoast.com/install-wp-263/
And rigmarole is a great word
Rudy // Oct 24, 2008 at 9:42 pm
Awesome. That was easy!
Ari Herzog // Oct 25, 2008 at 6:16 am
I haven’t done this yet, but FYI, Mark Cahill wrote there are some problems installing via the Auto Upgrade: http://www.allthingscahill.com/2008/10/wordpress-263-released-and-issues-with-auto-upgrade/
David Bradley // Oct 25, 2008 at 10:06 am
@Kim Thanks for pointing out that media.php needs upgrading, the WP site didn’t say that at the time.
@Rudy Makes a change for something to simple
@Ari I don’t think you need WPAU for this upgrade. I know some people have had problems with it, but I find that doing the cleanup and running it again, usually suffices to get you from one version to the next without any long-term issues. It’s nice that it reactivates only the plugins you had activated, saves you having to remember which ones were running before the upgrade.