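Today WordPress released v2.6.5, the latest maintenance release. It fixes an "XSS exploit" security vulnerability that affects Apache 2.x servers, along with three other related security and bug fixes. WordPress skipped 2.6.4 and went straight to 2.6.5; reportedly this is because of the fake WP 2.6.4 files that had been circulating online, so to avoid confusion v2.6.4 will not be released. When downloading software or updating your site's code, it is still safer to download from the official website.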
- WordPress version: 2.6.5
- WordPress download: click here
- Official website: http://wordpress.org/
This release is a security update only.
- xmlrpc.php
- wp-includes/post.php
- wp-includes/feed.php
- wp-includes/version.php
- wp-admin/users.php
Changes in this release:
The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.
2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests.