site upgraded minimally to wordpress 2.1.1 from 2.1
As I noted earlier in the live journal for this blog, I noticed a new version of wordpress.org server software was released two days ago. It took me by surprise (again) since I didn’t receive any email notice. I signed up for release notice last time when I stumbled upon the then latest 2.0.7 bug-fix release. This time, I couldn’t locate the release note to determine what bugs get fixed and what security fix is in.
To follow my own advice on keeping all software components up-to-date in order to secure wordpress server or other LAMP servers (part I), I want to assess how risky the upgrade is w/o knowing exactly what benefits I’ll get from the latest wordpress 2.1.1 release. My thinking is, if the changed files are not customized locally, the hassle factor should be minimal.
I went ahead to check the list of files modified since wordpress 2.1. Here is the list of files modified from 2.1 to 2.1.1 release ,as listed on wordpress.org’s site.
wp-includes/post-template.php
wp-includes/cache.php
wp-includes/formatting.php
wp-includes/category.php
wp-includes/post.php
wp-includes/version.php
wp-includes/js/scriptaculous/wp-scriptaculous.js
wp-includes/js/tinymce/tiny_mce_config.php
wp-includes/js/tinymce/wp-mce-help.php
wp-includes/js/tinymce/tiny_mce_gzip.php
wp-includes/capabilities.php
wp-includes/cron.php
wp-includes/functions.php
wp-includes/bookmark-template.php
xmlrpc.php
wp-admin/admin-ajax.php
wp-admin/admin-functions.php
wp-admin/custom-header.php
wp-admin/options-general.php
wp-admin/edit.php
wp-admin/index-extra.php
wp-admin/options-reading.php
I was lucky in that no customization is done for all these files, after comparing these files in the 2.1 release and their counterparts in the wordpress directory for this blog. One exception was noted, that wp-includes/js/scriptaculous/wp-scriptaculous.js is a new file instead of a modified version. There was a call to it from /wp-includes/script-loader.php in WP 2.1 release though. So, the addition certainly fixed a no-such-file-or-directory bug 
To get the security fix, I decided to upgrade now instead of digging more to locate the release notes. The timing was good too: 00:30 EST.
Here are the steps I took. These steps are similar to the minimal upgrade I did from 2.0.6 to 2.0.7. They are not exactly recommended by Wordpress.org.
- to backup: backed up the wordpress directory (rsync from ramdisk to real disk)
- to upgrade: overwrote the list of files with those from the new 2.1.1 release
- to verify: compare the files against their counterparts in the new 2.1.1 release to make sure the new version is in.
- to make it effective: stop, pause, then start Apache server (had problem with graceful or even simple restart before).
- to verify: clear cache for my firefox browser, then log back in as admin for the blog
- to upgrade database: got promoted to update the database. one click away it is done.
- to verify: compose this post to report good news
I still wonder where the release note is located or if there is one compiled other than notes that scattered in the CVS or Subversion repository. I couldn’t find it even in the release tarball, wordpress-2.1.1.tar.gz. The readme.html therein basically was for 2.1 release. Without a detailed release note, it is hard to decide whether/when to upgrade, and hard to verify if the bugs actually get fixed for one’s particular setup or not. In short, no warm-fuzzy feelings other than now this blog server is running with the latest wordpress.org blog server software.
