[wp-hackers] 2.0.9 and 2.1.1

wordpress at nazgul.nu wordpress at nazgul.nu
Wed Feb 14 07:39:15 GMT 2007

We need to get a fix in for #3279, as it's a similar XSS issue.

Bas Bosman (Nazgul)

-----Original Message-----
From: wp-hackers-bounces at lists.automattic.com
[mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of Ryan Boren
Sent: woensdag 14 februari 2007 2:27
To: wp-hackers at lists.automattic.com
Subject: [wp-hackers] 2.0.9 and 2.1.1

I think we need to do some dot releases to address the recent XSS bug
in wp_nonce_ays().   Betas of 2.0.9 and 2.1.1 are available on the
release archive page.


We were about to officially announce 2.0.8, but we might as well hold
off and announce 2.0.9 instead.  The only change between 2.0.8 and
2.0.9 is the fix for the security bug.

2.1.1 contains several fixes since 2.1.  The fixes are conservative,
and they've been well exercised on wordpress.com and elsewhere.  I
think they are safe to leave in.

If there are any low-risk, high-impact bugs you think should go into
either of these releases, let's discuss their inclusion in this
thread.  Keep in mind that we need to turnaround these releases pretty
quickly, so we have to be careful what we include.  Everything else
should be deferred to 2.0.10 and 2.1.2.  See the milestones on trac.


wp-hackers mailing list
wp-hackers at lists.automattic.com

More information about the wp-hackers mailing list