Critical WordPress Security Release
We’ve just received word from our friends at WordPress that the latest release (v3.0.4) includes a critical security patch. WordPress recommends all users immediately update to the latest version to protect your sites from a vulnerability in WordPress’ “core HTML sanitization library.”
Most (mt) users should be able to use the built in update utility inside their WordPress admin panel, but just in case, here are some instructions for updating straight from the team at WordPress.
For your reference, here is the message WordPress distributed to their users:
First off, happy holidays. I hope this time of the year, chilly for many of you, has given you time to enjoy family, friends, and loved ones and reflect on the year before and the year to come.
My last message to you this year is an important but unfortunate one: we’ve fixed a pretty critical vulnerability in WordPress’ core HTML sanitation library, and because this library is used lots of places it’s important that everyone update as soon as possible.
I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.
You can update in your dashboard, on the “updates” tab, or download the latest WordPress here:
http://wordpress.org/download/The official release announcement is here:
Merry WordPressing in 2011,
—
Matt Mullenweg
http://ma.tt | http://wordpress.org | http://automattic.com