2.8.6 solutions 2 safety and security issues that can be made use of by signed up, visited individuals that have publishing opportunities. If you have untrusted writers on your blog site, updating to 2.8.6 is suggested.
The initial trouble is an XSS susceptability in Press This uncovered by Benjamin Flesch. The 2nd trouble, uncovered by Dawid Golunski, is a problem with sterilizing uploaded data names that can be made use of in particular Apache arrangements. Many thanks to Benjamin as well as Dawid for searching for as well as reporting these.