Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a vital update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I’d rate this release as “vital.”
This issue affects all versions of WordPress prior to 3.0.4, so if you’re still on a 2.X release you need to update as well.
I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.
If you are a security researcher, we’d appreciate you taking a look over this changeset as well to review our update. We’ve given it a lot of thought and review but since this is so core we want as many brains on it as possible. Thanks to Mauro Gentile and Jon Cave (duck_) who discovered and alerted us to these XSS vulnerabilities first.