WordPress 3.0.2 is made obtainable immediately, and it's a obligatory safety replace for all earlier WordPress variations. This upkeep launch fixes a reasonable safety difficulty the place a malicious Creator-level consumer may acquire additional entry to the positioning. This launch additionally addresses a handful of bugs, and supplies some extra safety enhancements. Huge because of Vladimir Kolesnikov for detailed and accountable disclosure of the safety difficulty!
We advise that you simply replace instantly even in case you do not need untrusted customers. (Use our ultimate guide to Upgrade WordPress to be sure to do the whole lot proper)
Full record of updates made on this model:
- Repair reasonable safety difficulty the place a malicious Creator-level consumer may acquire additional entry to the positioning.
- Take away pingback/trackback blogroll whitelisting characteristic as it might probably simply be abused.
- Repair canonical redirection for permalinks containing %class% with nested classes and paging.
- Repair occasional irrelevant error messages on plugin activation.
- Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin.
- Make clear the license within the readme
- Multisite: Repair the delete_user meta functionality
- Multisite: Drive current_user_can_for_blog() to run map_meta_cap() even for tremendous admins
- Multisite: Repair ms-files.php content material sort headers when requesting a URL with a question string
- Multisite: Repair the utilization of the SUBDOMAIN_INSTALL fixed for upgraded WordPress MU installs
What are you ready for? Improve NOW!!!
