[wp-hackers] WordPress 3.0.4 - Critical Security Release

Andrew Nacin nacin at wordpress.org
Thu Dec 30 05:37:47 UTC 2010


WordPress 3.0.4 was released a few hours ago. This is a security release for
all previous WordPress versions.

This release fixes cross-site scripting vulnerabilities in our HTML
sanitization library, kses. Please update your sites as soon as possible.
This is a critical release.

Those wishing to continue to test the 3.1 RC, please note that the currently
nightly build contains the fixes that were included in 3.0.4.

Plugins should be unaffected by this release. You may wish to update your
plugin compatibility as appropriate.

Those on the WP.org announcement list should also be receiving an email. If
you'd like to sign up, see the 'Release Notification' form at
http://wordpress.org/download/.

Release announcement: http://wordpress.org/news/2010/12/3-0-4-update/.

Thanks,

Andrew Nacin
Core Developer
WordPress.org


More information about the wp-hackers mailing list