Just about an hour ago WordPress 2.8.6 was finalized and released. Nothing exciting with this release – just a few security fixes.
From the WordPress.org blog:
2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.
On another note, WordPress 2.9 is still scheduled for a final release at the end of November/early December. You can still download and test the latest WP 2.9 nightly build here.
Finally, WordPress MU received a few updates last week and is now up to 2.8.5.2.
This update was really unexpected.. though this update seems to be only for those
who have multi author blogs or is it for every one?
@Harash – Yeah this update was spur of the moment.
It fixes and XSS vulnerability for authors.
So there are two ways this could be used.
1 – One of your Authors deliberately uses the exploit
2 – One of your authors (including you) gets phished, clicks a link, and then the XSS code runs.
It’s definitely not a high priority update if you are the only user on the blog.