WordPress 2.0.6 is Out
For all of you who ignore the dashboard feeds, or have changed how your WordPress install works, you might have missed the notice that WordPress 2.0.6 is out.
This is mostly a security release and it has been strongly suggested that everyone upgrade.
Here’s what’s new:
- The aforementioned security fixes.
- HTML quicktags now work in Safari browsers.
- Comments are filtered to prevent them from messing up your blog layout.
- Compatibility with PHP/FastCGI setups.
Some of the people I have talked to are thinking of holding off until WordPress 2.1 comes out, and while it has now hit beta, I’d still recommend taking the time to upgrade to 2.0.6, just to make sure everything is safe and sound. If your host provides Fantastico or other tools that allow for easier updates, please make sure they are now using 2.0.6, and get upgrading.





Works like a charm!
I was just reading about the release and it seems the former version is dangerous. But DreamHost hasn’t allowed the one-click update yet. So, I’ll have to wait more.
WordPress 2.0.6 is released, which includes a security fix for the persistent XSS vulnerability. This security issue has been found specifically in WordPress 2.0.5’s template.php, which allows a user with access to the templates.php to insert arbitrary HTML and/or JavaScript, which can then be executed by other administrators. The link title of recently accessed files is not sanitized, which causes the HTML tags ending with “/” to fail. Prior to the 2.0.6 release, the temporary workaround is using open “IMG” tags, which only works on Firefox and Internet Explorer.