WordPress MU is a multi user or multi blog version of WordPress that is used to run sites like WordPress.com.
Today’s WordPress MU release is 2.8.4, a security release that fixes an annoying bug that allowed any user to reset the admin password. Your password was never at risk however so it’s more an annoyance than anything else.
Oh, thanks to everyone who tested the exploit on my blog. See? You didn’t get my password! 
Upgrade automatically from within your dashboard (first fix the upgrader if you haven’t updated to 2.8.3 yet), or download the new release from the download page and upgrade manually, overwriting your current install with the new files.
Edit: James Collins noticed that line 164 of wp-login.php wasn’t merged properly. If you downloaded 2.8.4, please grab 2.8.4a. Thanks James for the prompt feedback!
28 Comments
Franco Cedillo (1 comments.) on August 12, 2009 at 11:42 am.
It’s done! Thanks!
Pingback: WordPress MU 2.8.4 - Version 284, Eine Aktualisierung ist dringend empfohlen, Wie immer gilt Vor dem Update ein vollständiges Backup von Datenbank und Dateien, Eine, Aktualisierung, WordPress - WordPress MU Deutschland
kgraeme on August 12, 2009 at 2:03 pm.
Minor bug.
Thanks for the quick 2.8.4a. I saw the announcement last night, but I’ve learned to wait a little bit to see if it was a clean merge or not.
Diablo (1 comments.) on August 12, 2009 at 2:46 pm.
Well done, my blog has not been attacked anyway
Pingback: WordPress MU 2.8.4a is now available! I… « Javamancy mini
WordSkill (11 comments.) on August 12, 2009 at 3:23 pm.
Hmmm … you know, I was joking in the 2.8.3 comments when I said “I look forward to next week’s release of 2.8.4″
Oh well, roll on 2.8.5
mwaterous (9 comments.) on August 12, 2009 at 9:27 pm.
I give it two days.
TI (1 comments.) on August 12, 2009 at 3:34 pm.
And the merge wordpress in wordpress mu?
Some news?
Pingback: Wordpress 2.8.4 disponible para descargar
david windham (2 comments.) on August 12, 2009 at 4:39 pm.
@wordskill.. I saw that and I think you might have jinxed it, and @donncha – thks
Ulysses (4 comments.) on August 12, 2009 at 8:55 pm.
Donncha, Thanks for the quick update. I received an email from one of my blogs (not MU) asking for a password reset. I ignored it. The bug is harmless, but it is annoying. Thanks.
Pingback: Wordpress 2.8.4, 2.8.5 just around the corner! « Mark.
Pingback: Actualización de Multiblog a la versión 2.8.4a de WPMU
Vikram (2 comments.) on August 13, 2009 at 10:06 am.
Thanks for the update.
When I log into my admin area, at the bottom of the page, on the left hand side it says: Thank you for creating with WordPress MU 2.8.4a.
However, on the same line, on the right hand side, it says:
You are using a development version (2.8.4). Cool! Please stay updated and links to download the latest version.
Curious.
In the actual blog the generator is:
What gives? Do I or do I not have 2.8.4a?
Vikram
Donncha (1707 comments.) on August 13, 2009 at 11:37 am.
Vikram – you’re using 2.8.4a, sorry for the confusion. The “You are using a development version” message should disappear next time your site checks the version number today.
Unfortunately the footer will say 2.8.4 on the right but that’s incorrect. The version number on the left is correct.
Sara on August 13, 2009 at 3:17 pm.
Hi, I have an upgrade question that’s been bothering me, as a mere mortal in the world of software installation.
My website is currently running WordPress MU 2.6.5. I would like to upgrade to 2.8.4a. Can I just do a single upgrade, or do I have to upgrade to 2.7, then 2.8.1, etc.?
Your instructions are generally very clear, thanks so much, and I hope you can help me out with figuring this one out.
Pingback: Another new release, and upcoming - WPMU Tutorials
Robert (7 comments.) on August 13, 2009 at 9:03 pm.
When I try to auto-upgrade from 2.8.4 to 2.8.4a I get this error:
Downloading update from http://mu.wordpress.org/nightly-builds/wordpress-mu-latest.zip.
Download failed.: Not Found
Installation failed
Stephen on August 14, 2009 at 1:50 pm.
Hi Donnacha,
Quick question, is there a simple mailing list one can subscribe to, so I can get an email when a new version/update of WP or WPMU appears? (I’ve looked. I dont have a wordpress account.) I was hoping of a nice quite mailing list I can join.
Thanks,
Stephen
Donncha (1707 comments.) on August 14, 2009 at 1:58 pm.
There’s no mailing list, but you can subscribe to the rss feed for the WordPress category on this blog. There’s the occasional post about other plugins but it’s low noise and on-topic.
blockport on August 17, 2009 at 2:27 pm.
what are the chances that WordPress MU will be scrapped, Matt has been speaking of some sort of merger of wordpress standard and MU?
mwaterous (9 comments.) on August 17, 2009 at 8:38 pm.
Technically speaking, it’s not being scrapped at all. In one sense, it means MU is becoming the standard, as of the merger.
What I’d like to know is what they plan on doing with mu.wordpress.org, and more importantly the forums. Are they going to be merged? Are we going to have to mingle with all those old-time stand-aloners? Must we bump elbows now? *shudder* I heard they make their martini’s with vodka instead of gin.
alfon (1 comments.) on August 17, 2009 at 4:00 pm.
well done its work thank especial security release
Mohit Kumar (1 comments.) on August 21, 2009 at 5:15 am.
Hey NICE WORK keep it up..Learning tits and bits of WordPress hope to contribute in this amazing work soon.
I have a question regarding timthumb.Usually when we use tithumb it points the themes folder in the blog directory.
But as in WPMU the blog directory is different how can we use the timthumb script situated at the themes folder.
It is the basic consideration for pulling the post thumbnails.
Thanks
Robert (7 comments.) on August 21, 2009 at 10:32 am.
I also ran into this problem, here is my workaround:
<img src="/wp-content/themes/themename/thumb.php?src=http://example.com/wp-content/blogs.dir//ID, “image”, $single = true); ?>&h=57&w=100&zc=1&q=95″ alt=”" />
-Robert
Robert (7 comments.) on August 21, 2009 at 10:34 am.
Pastebinlink: http://pastebin.ca/1537472 since WP striped out the php tags in my post.. Should have seen that one coming…
Gary (3 comments.) on September 5, 2009 at 8:16 pm.
Donncha,
Does this attack that is going round at the moment affect earlier versions of WordPress MU? Since keeping MU totally up to date can be a bit tricky I’m wondering if this affects 2.7 users etc.
Pingback: Upgrading WPMU | Lannen Designs