Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is an important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I’d rate this release as “critical.”
This issue affects all versions of WordPress prior to 3.0.4, so if you are still on a 2.X release it’s essential to update as well.
I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.
If you’re a security researcher, we’d appreciate you taking a look over this changeset as well to review our update. We’ve given it a lot of thought and review but since this is so core we want as many brains on it as possible. Thanks to Mauro Gentile and Jon Cave (duck_) who discovered and alerted us to these XSS vulnerabilities first.