WordPress 2.6.5 Released [Recommended]
by Kevin on November 25, 2008
The fourth update since the major 2.6 release has been issued, which fixes one security problem and three bugs. It is recommended that everyone upgrade to this release.
The main security problem is an XSS exploit discovered by Jeremias Reith that affects IP-based virtual servers running Apache 2.x. You will be able to “update” simply by copying the wp-includes/feed.php and wp-includes/version.php from the new release package.
Detailed list of changes:
- Added a check for the correct post_type to
blogger.editPostandblogger.deletePost(#8267). - Updates to
update_post_meta()anddelete_post_meta()to ensure they work correctly with post revisions and don’t create the meta on the revision instead of the post (#7925). - Protection for a very difficult to exploit XSS issue (#8291).
- Fix for an XSS issue with the Atom and RSS feeds on some hosting setups ([9754], [9770]).
To download this update, please go to the official WordPress download page and do not download it from any other source.
More documentation can be found here and on the WordPress blog.
WordPress 2.6.4 has been skipped due to the confusion that was created over the fake version recently – there will never be a “.4″ version.
6 comments
Y’know, I didn’t even notice that there was an update to WP. Now I checked my dashboard and you’re right. I guess I’d better go do this (although the updates always scare me, something’s bound to screw up or at least it does more times than not).
by jafer on November 27, 2008 at 12:09 am. #
Y’know, I didn’t even notice that there was an update to WP. Now I checked my dashboard and you’re right. I guess I’d better go do this (although the updates always scare me, something’s bound to screw up or at least it does more times than not).
by jafer on November 26, 2008 at 7:09 pm. #
Ok, you talked me into it… I upgraded.
by jafer on November 29, 2008 at 1:52 am. #
@jafer – I skipped the 2.6.5 update and went with WordPress 2.7 (beta) and it’s shaping up quite well. It is definitely worth the “upgrade” and there have only been a few minor bugs. I’ve been using it since the first (or second) initial beta.
by Kevin on December 2, 2008 at 5:08 am. #
Ok, you talked me into it… I upgraded.
by jafer on November 28, 2008 at 8:52 pm. #
@jafer – I skipped the 2.6.5 update and went with WordPress 2.7 (beta) and it’s shaping up quite well. It is definitely worth the “upgrade” and there have only been a few minor bugs. I’ve been using it since the first (or second) initial beta.
by Kevin on December 2, 2008 at 12:08 am. #