Wordpress skips 2.6.4 for 2.6.5

November 26th, 2008 | by rey |

Wordpress 2.6.5 is now available for download as of November 25, 2008. The Wordpress folks skipped releasing a version 2.6.4 because of a fake version 2.6.4 out in the wild. So upgrade to 2.6.5 folks, ignore 2.6.4.

The Worpress blog states the new version fixes one security problem and three bugs:

The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.

2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests. For a list of changed files, consult the full changeset between 2.6.3 and 2.6.5

I don’t know what all that exactly meant. But it’s my understanding that your blog or site will be a bunch safer and secure if you upgrade to the latest release. So that’s what I did. I suggest you other Wordpress users do the same. Cheerio!

Related Posts

Upgrade to Wordpress 2.7.1 Successful

Wordpress Version 2.8 released

Latest WordPress version 2.6 in da House Upgrade Now!

Upgrading to Wordpress 2.5.1 Successful

Wordpress 2.9 out the door