刚刚登陆WordPress 后台的时候,系统提示:WordPress 2.6.5 is available! Please update now,我赶紧到WordPress 官方博客查看具体消息,以下引用官方原文:
WordPress 2.6.5 is immediately available and fixes one security problem and three bugs. We recommend everyone upgrade to this release.
The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.
2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests. For a list of changed files, consult the full changeset between 2.6.3 and 2.6.5.
大致的意思就是说WordPress 2.6.3 版本存在一个重要的XSS 安全问题,建议2.6.3 版本用户升级至2.6.6 以修复该安全问题和其他三个相关Bug,具体更新方法:
下载wordpress 2.6.5 找到wp-includes/feed.php 和 wp-includes/version.php 这两个文件,上传直接替换即可。
Sino Blog 已经更新至2.6.5,等待WordPress 2.7 正式发布。