WordPress 2.6.5 Security Upgrade

WordPress 2.6.5 is now available for download. I know some of you guys aren’t too keen on going through another security upgrade and would want to hold off upgrading until 2.7 gets released. The Automattic team, however, is recommending that everyone upgrade immediately. According to the update page:

The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.

2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests. For a list of changed files, consult the full changeset between 2.6.3 and 2.6.5.

So there you have it, guys. Don’t hold off upgrading because you want WordPress 2.7 to be your next version of WordPress. You can update to 2.6.5 by just replacing two files, wp-includes/feed.php and wp-includes/version.php: upload them to your wp-includes folder, overwriting the existing files. They are also skipping 2.6.4 to prevent confusion with a fake version that had fooled some people a few weeks ago.

You can download WordPress 2.6.5 here or you can use the Automatic Upgrade plugin if you’re not too keen on manually uploading the files.
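If you go the two-file route, it is worth confirming that the files on the server really are the ones from the release package. The script below is an added example, not code from WordPress or the update page; the function names, the `.pre-2.6.5` backup suffix and the directory arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: apply the two-file 2.6.5 security fix and verify the result.
# Arguments (hypothetical paths): pkg = unpacked 2.6.5 release package,
# site = root of the live WordPress install.

FILES="wp-includes/feed.php wp-includes/version.php"

# Copy both files from the package over the install, keeping a backup of
# each file that gets overwritten.
apply_fix() {
    pkg=$1; site=$2
    # Refuse to touch the install unless the package has both files.
    for f in $FILES; do
        [ -f "$pkg/$f" ] || { echo "missing in package: $f" >&2; return 1; }
    done
    for f in $FILES; do
        if [ -f "$site/$f" ]; then
            cp -p "$site/$f" "$site/$f.pre-2.6.5" || return 1
        fi
        cp "$pkg/$f" "$site/$f" || return 1
    done
}

# Print the version string that wp-includes/version.php assigns to $wp_version.
installed_version() {
    sed -n 's/^\$wp_version *= *.\([0-9A-Za-z.-]*\).;.*/\1/p' \
        "$1/wp-includes/version.php"
}

# Succeed only if both files are byte-identical to the package copies and
# the install now reports 2.6.5.
verify_fix() {
    pkg=$1; site=$2
    for f in $FILES; do
        cmp -s "$pkg/$f" "$site/$f" || { echo "differs: $f" >&2; return 1; }
    done
    [ "$(installed_version "$site")" = "2.6.5" ]
}
```

Call `apply_fix PKG SITE` and then `verify_fix PKG SITE`; the byte comparison only means something if the package itself came from the official download.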

Categories: WordPress News
