2.8.6 solutions 2 safety and security troubles that can be manipulated by signed up, visited customers that have publishing advantages. If you have untrusted writers on your blog site, updating to 2.8.6 is suggested.
The very first trouble is an XSS susceptability in Press This uncovered by Benjamin Flesch. The 2nd trouble, uncovered by Dawid Golunski, is a concern with disinfecting uploaded documents names that can be manipulated in specific Apache arrangements. Many thanks to Benjamin as well as Dawid for searching for as well as reporting these.