WordPress has released the latest version to the existing 2.6.3 version. The latest release has fixes for a couple of security issues which only affects IP-based virtual servers running on Apache 2.x.
The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy
wp-includes/version.phpfrom the 2.6.5 release package.
2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests. For a list of changed files, consult the full changeset between 2.6.3 and 2.6.5.
Also, interestingly WordPress has deliberately not released the WordPress 2.6.4 release to avoid confusion with a fake 2.6.4 release that made the rounds a few days back.
Please note WordPress doesn’t have a 2.6.4 version and if you happen to be running one of that, you better abandon it as soon as possible. WordPress also says, there is no 2.6.4 version and there will never be a WordPress 2.6.4 version.
Do stay tuned to Technofriends for more, one of the best ways of doing so is by subscribing to our feeds. You can subscribe to Technofriends feed by clicking here.