On Wednesday, December 29, 2010 at 3:50pm, WordPress 3.0.4 was released to the public. Version 3.0.4 is a critical WordPress security update for all previous WordPress versions.
WordPress version 3.0.4 fixes persistent cross-site scripting (XSS) flaws in KSES, the HTML sanitation library in WordPress core.
What is Cross-site scripting?
A type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. ~ source Wikipedia
In an email received from Matt Mullenweg he stated…
My last message to you this year is an important but unfortunate one: we've fixed a pretty critical vulnerability in WordPress' core HTML sanitation library, and because this library is used lots of places it's important that everyone update as soon as possible.
I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.
You can update in your dashboard, on the “updates” tab, or download the latest WordPress here:
The official release announcement is here:
Merry WordPressing in 2011,
On the WordPress Blog, Matt Mullenweg stated that they've given this update a lot of thought and review, but since it touches something so core, they want as many brains on it as possible. He has asked security researchers to take a look at the changeset and review the update.
List of WordPress Files Revised:
- WordPress News: 3.0.4 Important Security Update
- Download WordPress 3.0.4
- Changeset 17172 for branches 3.0
- WordPress Codex Version 3.0.4
If you're self-hosting WordPress on your own domain, it is important that you upgrade your WordPress as soon as possible.
I haven't tried the automatic update via my “Dashboard,” but I did do a manual upgrade and it worked fine.
Leave your feedback
Have you upgraded to WordPress 3.0.4? Did you use the automatic upgrade or do it manually? If you noticed any glitches in the upgrade or conflicts with any plugins, be sure to let us know. Leave your comment below.