For those of you who have an IP-based virtual server running on Apache 2.x, the WordPress team has recommended that you immediately upgrade to WordPress 2.6.5, or at least upgrade the wp-includes/feed.php and wp-includes/version.php files. 

Other changes mentioned:

2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests. For a list of changed files, consult the full changeset between 2.6.3 and 2.6.5.

Oh, and in case anyone else noticed, it looks like they skipped releasing WordPress 2.6.4 completely.  I assume this is due to the fake WordPress 2.6.4 release, which was released by someone pretending to be the WordPress team and contained a trojan horse virus.   Smart move as this should help avoid confusion.

Want automatic updates? Subscribe to our RSS feed or
Get Email Updates sent directly to your inbox!
Tweet This | Digg This | Stumble it | Add to Del.icio.us | | Print This

Kyle Eslick

Kyle Eslick is the founder and primary author of WordPress Hacks. You can learn more about him at KyleEslick.com or you can follow his personal tweets here.

There Are 2 Responses So Far »

  1. Hi and thanks for the post, I was browsing your site when I saw your post. I have already updated to the new version.

  2. David hobson says:

    woohoo yet another updte and 2.7 is only around the corner.

Leave a Reply