WordPress 2.8.6 is released!!!

2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges.  If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch.  The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release/

Related posts:

  1. Youtube code and other codes disappeared when published in WPMU? Have you ever encountered the mysterious error where the codes...
  2. Http error when uploading image to WordPress media If you have encountered error when uploading your images to...
  3. Internet Explorer 8 released… I have just installed the latest version of Windows Internet Explorer...
Posted on November 13, 2009 by .

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>