WordPress 2.6.5 Released [Recommended]
The fourth update since the major 2.6 release has been issued, which fixes one security problem and three bugs. It is recommended that everyone upgrade to this release.
The main security problem is an XSS exploit discovered by Jeremias Reith that affects IP-based virtual servers running Apache 2.x. You will be able to “update” simply by copying the wp-includes/feed.php and wp-includes/version.php from the new release package.
Detailed list of changes:
- Added a check for the correct post_type to
blogger.editPostandblogger.deletePost(#8267). - Updates to
update_post_meta()anddelete_post_meta()to ensure they work correctly with post revisions and don’t create the meta on the revision instead of the post (#7925). - Protection for a very difficult to exploit XSS issue (#8291).
- Fix for an XSS issue with the Atom and RSS feeds on some hosting setups ([9754], [9770]).
To download this update, please go to the official WordPress download page and do not download it from any other source.
More documentation can be found here and on the WordPress blog.
WordPress 2.6.4 has been skipped due to the confusion that was created over the fake version recently – there will never be a “.4″ version.
Y’know, I didn’t even notice that there was an update to WP. Now I checked my dashboard and you’re right. I guess I’d better go do this (although the updates always scare me, something’s bound to screw up or at least it does more times than not).
Ok, you talked me into it… I upgraded.
@jafer – I skipped the 2.6.5 update and went with WordPress 2.7 (beta) and it’s shaping up quite well. It is definitely worth the “upgrade” and there have only been a few minor bugs. I’ve been using it since the first (or second) initial beta.