[wp-hackers] 2.0.9 and 2.1.1

Ryan Boren ryan at boren.nu
Wed Feb 14 01:27:15 GMT 2007

I think we need to do some dot releases to address the recent XSS bug
in wp_nonce_ays().   Betas of 2.0.9 and 2.1.1 are available on the
release archive page.


We were about to officially announce 2.0.8, but we might as well hold
off and announce 2.0.9 instead.  The only change between 2.0.8 and
2.0.9 is the fix for the security bug.

2.1.1 contains several fixes since 2.1.  The fixes are conservative,
and they've been well exercised on wordpress.com and elsewhere.  I
think they are safe to leave in.

If there are any low-risk, high-impact bugs you think should go into
either of these releases, let's discuss their inclusion in this
thread.  Keep in mind that we need to turnaround these releases pretty
quickly, so we have to be careful what we include.  Everything else
should be deferred to 2.0.10 and 2.1.2.  See the milestones on trac.



More information about the wp-hackers mailing list