A new WordPress release came out last night. Unlike the previous, this is what they are calling “a hardening release”, i.e. it is generally designed to make the code base more secure, but doesn’t fix any known vulnerabilities. As with all minor level releases, I suggest you update as soon as possible, if for no other reason than to stay current.
- A fix for the Trackback Denial-of-Service attack that is currently being seen.
- Removal of areas within the code where php code in variables was evaluated.
- Switched the file upload functionality to be whitelisted for all users including Admins.
- Retiring of the two importers of Tag data from old plugins.
We can expect to see 2.9, the next major level release within around the end of the month, certainly before mid-November. That release will supposedly center on enhancements to image handling features.
(For those casual readers, I should probably explain that I develop sites daily with WordPress, and have for many years…hence I think my opinion on matters WordPress should have some level of importance to you…)