WordPress 3.0.5 Released

It looks like it’s time to update WordPress again …

An update to the popular WordPress blogging platform has just been released. The announcement should appear in the admin interface of the WordPress blog. If it does not, check the Updates entry in the left sidebar of the admin menu.

According to the developers, WordPress 3.0.5 is a “security hardening update for all previous WordPress versions” that fixes two moderate security issues and one information disclosure issue, and adds two security enhancements to the blogging application.

The security issues could have allowed “a Contributor- or Author-level user to gain further access to the site”; the information disclosure issue “could have allowed an Author-level user to view contents of posts they should not be able to see”.

The two security enhancements “improved the security of any plugins which were not properly leveraging our security API” and “offer additional defense in depth against a vulnerability that was fixed in previous release”.

The summary lists the following changes:

  • Fix XSS bug: Properly encode title used in Quick/Bulk Edit, and offer additional sanitization to various fields. Affects users of the Author or Contributor role.
  • Fix XSS bug: Preserve tag escaping in the tags meta box. Affects users of the Author or Contributor role.
  • Fix potential information disclosure of posts through the media uploader. Affects users of the Author role.
  • Enhancement: Force HTML filtering on comment text in the admin
  • Enhancement: Harden check_admin_referer() when called without arguments, which plugins should avoid.
  • Update the license to GPLv2 (or later) and update copyright information for the KSES library
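
A check that plugin maintainers can run for the check_admin_referer() item above, added here as an example and not code from WordPress or the original article: a small Python scanner that reports the lines where PHP source calls check_admin_referer() with no arguments. The function name find_bare_referer_checks and the sample plugin source are constructed for illustration.

```python
import re

# Strings and comments in PHP source. Text outside <?php ... ?> (inline HTML)
# is not handled specially, which is a known limit of this sketch.
TOKEN = re.compile(
    r"(?P<string>'(?:\\.|[^'\\])*'|\"(?:\\.|[^\"\\])*\")"
    r"|(?P<comment>/\*.*?\*/|(?://|#)[^\n]*)",
    re.S,
)
# A plain function call (not a ->method or ::static call) with empty parentheses.
BARE = re.compile(r"(?<![\w$>:])check_admin_referer\s*\(\s*\)")


def _neutralise(match):
    # Strings become filler so they still count as an argument; comments become
    # whitespace so a call holding only a comment counts as empty.
    fill = "s" if match.group("string") else " "
    return re.sub(r"[^\n]", fill, match.group(0))


def find_bare_referer_checks(php_source):
    """Return 1-based line numbers of check_admin_referer() calls without arguments."""
    cleaned = TOKEN.sub(_neutralise, php_source)
    return [cleaned.count("\n", 0, m.start()) + 1 for m in BARE.finditer(cleaned)]


# Constructed plugin source for the demo; not taken from a real plugin.
SAMPLE = '''<?php
// Demo settings handlers.
function demo_save_settings() {
    check_admin_referer();                         // line 4: flagged
    update_option( 'demo_opt', $_POST['demo_opt'] );
}
function demo_delete_item() {
    check_admin_referer( 'demo-delete-item' );     // named action: fine
}
function demo_reset() {
    check_admin_referer( /* TODO: add action */ ); // line 11: flagged
}
$help = "Never call check_admin_referer() bare";   // inside a string: ignored
# check_admin_referer();  commented out: ignored
'''

if __name__ == "__main__":
    for line in find_bare_referer_checks(SAMPLE):
        print(f"line {line}: check_admin_referer() called without an action")
```

Each reported line should be changed to pass a specific action name that matches the nonce the plugin's form generates.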

WordPress 3.0.5 is also available for download at the official WordPress site for users who want to install the update manually on their server.


© Martin for gHacks Technology News, 2011.