WordPress Security Update

If you haven’t heard…

3.0.4 Important Security Update

Posted December 29, 2010 by Matt Mullenweg. Filed under Releases,Security.

Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”

I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.

If you are a security researcher, we’d appreciate you taking a look over this changeset as well to review our update. We’ve given it a lot of thought and review but since this is so core we want as many brains on it as possible. Thanks to Mauro Gentile and Jon Cave (duck_) who discovered and alerted us to these XSS vulnerabilities first.

Original url: http://wordpress.org/news/2010/12/3-0-4-update/

In another words, if you have WordPress installed on your server, update now. Regardless to say that most likely someone was hacked with this sploit.

Have fun and Happy Holidays.

Advertisements

About mcloide

Making things simpler, just check: http://www.mcloide.com View all posts by mcloide

One response to “WordPress Security Update

  • revolt78

    how to update to Version 3.0.4?
    My user on wordpress.com and I login to it using a free account at wordpress.com whether there is a solution

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: