Sunday, January 2, 2011

WordPress 3.0.4 security update essential for all users, fixes critical flaw

WordPress has announced a "critical" update, version 3.0.4, and is advising all users to install it immediately. WordPress 3.0.4 fixes a security flaw in KSES, WordPress's HTML sanitization library. WordPress chief Matt Mullenweg said in an email to users that KSES is used in "lots of places" in WordPress, so it's very important to update as soon as possible.

According to Sophos Security's Naked Security blog, the vulnerability has to do with code that's case sensitive, meaning someone could access parts of WordPress that should be secure, simply by changing a few letters to uppercase. Sophos says the bug is "quite trivial for folks with malicious intent to exploit," which is all the more reason to take a few minutes to upgrade. The security fix is the only change in this version of WordPress, so you shouldn't have to worry about any of your plugins or themes breaking.


WordPress 3.0.4 security update essential for all users, fixes critical flaw originally appeared on Download Squad on Thu, 30 Dec 2010 16:00:00 EST.
