2.8.6 solutions 2 safety troubles that can be made use of by signed up, visited individuals that have uploading opportunities. If you have untrusted writers on your blog site, updating to 2.8.6 is suggested.
The very first trouble is an XSS susceptability in Press This uncovered by Benjamin Flesch. The 2nd trouble, uncovered by Dawid Golunski, is a concern with sterilizing uploaded data names that can be made use of in specific Apache arrangements. Many thanks to Benjamin and also Dawid for searching for and also reporting these.