ghacks Technology News

WordPress 3.0.5 Released

An update to the popular WordPress blogging platform has just been released. The announcement should appear in the admin interface of the WordPress blog. If it does not check the Updates entry on the left sidebar of the admin menu.

According to the developers, WordPress 3.0.5 is a ” security hardening update for all previous WordPress versions” that fixes two moderate security issues and one information disclosure issue, and adds two security enhancements to the blogging application.

The security issues could have allowed “a Contributor- or Author-level user to gain further access to the site”, the information disclosure issue “could have allowed an Author-level user to view contents of posts they should not be able to see”.

The two security enhancements “improved the security of any plugins which were not properly leveraging our security API” and “offer additional defense in depth against a vulnerability that was fixed in previous release”. (via)

wordpress 3 0 5

The summary lists the following changes:

  • Fix XSS bug: Properly encode title used in Quick/Bulk Edit, and offer additional sanitization to various fields. Affects users of the Author or Contributor role.
  • Fix XSS bug: Preserve tag escaping in the tags meta box. Affects users of the Author or Contributor role.
  • Fix potential information disclosure of posts through the media uploader. Affects users of the Author role.
  • Enhancement: Force HTML filtering on comment text in the admin
  • Enhancement: Harden check_admin_referer() when called without arguments, which plugins should avoid.
  • Update the license to GPLv2 (or later) and update copyright information for the KSES library

WordPress 3.0.5 is available for download at the official WordPress site as well for users who want to install the update manually on their server.

Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter.

Related Articles:

WordPress 3.03 Security Update Released
WordPress 2.9.2 Released
WordPress 3.1.4 Security Update Released
WordPress 3.1.3 Security Update Released
WordPress 2.6.1 released



About the Author:Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook or Twitter.

Author: , Tuesday February 8, 2011 -
Tags:, ,

Previous Post: Firefox Quick Search Bar, Easier Search Engine Access

Next Post: ZX Spectrum to be Reborn as Bluetooth Keyboard

Click on the following link(s) to read more about Software, The Web

Responses so far:

  1. Jaki Levy says:
    May 9, 2011 at 10:11 am

    These are great WordPress resources – I actually just started digging into a really really solid book on WordPress 3.0. It’s got some really nice code samples, and is written by a few pro WordPress developers (including some from Envato). I’m actually giving away 2 copies of the e-book on my site – check out the details about the e-book and the giveaway here – I think you’ll dig it : http://bit.ly/lq20Ff

    Reply

Leave a Reply   Follow Ghacks   Subscribe To Comment Rss

Subscribe without commenting

 Ghacks Technology Newsletter 
Ghacks Daily Newsletter

Recent Posts

Follow This Blog

RSS Feeds
Google+ Page; Facebook Fan Page; Twitter




Popular Articles

Popular Searches

Popular Tags

Topics

Links

About Ghacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular latest tech news sites on the Internet with five authors and regular contributions from freelance writers.

Services

Authors

Martin Brinkmann
Melanie Gross
Mike Halsey
Ryan D. Lang
Jack Wallen

© 2005-2012 Ghacks.net. All Rights Reserved. Privacy Policy - About Us