WordPress 2.8.6 security release!!!

We know that the WordPress developers are currently working hard completing version 2.9, but 23 days after releasing 2.8.5 there is one more 2.8 release: WordPress 2.8.6 Security Release.

WordPress 2.8.6 is a security release that fixes two security problems that can be exploited by untrusted users on your blog who have posting privileges.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch.  The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations.

If your blog has untrusted authors, upgrading to 2.8.6 (download) is recommended; you can also upgrade automatically through your blog’s WordPress Dashboard.

This WordPress update does not require an update of the WordPress database. It is, however, recommended to back up both the WordPress files on the web server and the MySQL database, in case the update fails for any reason.