WordPress developers have released what they’re calling a mandatory security update. WordPress 3.0.2, available for download as of this morning, fixes a moderate security issue that could allow malicious author-level users to gain further access to WordPress-controlled websites. Ten bugs and security issues have been addressed with this release, including:
- Remove pingback/trackback blogroll whitelisting feature as it can easily be abused.
- Fix canonical redirection for permalinks containing %category% with nested categories and paging.
- Fix occasional irrelevant error messages on plugin activation.
- Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin.
- Clarify the license in the readme.
- Multisite: Fix the delete_user meta capability.
- Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins.
- Multisite: Fix ms-files.php content type headers when requesting a URL with a query string.
- Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs.

WordPress 3.0.2 can be downloaded and manually installed on your web hosting server, or updated from within the WordPress administration control panel.