WordPress releases 2.0.7; Security Bugs squashed
The WordPress team has just released WordPress 2.0.7.
It fixes a PHP security problem. This problem effects only certain versions of PHP. It also fixes the Feedburner issue I reported earlier.
If you haven’t upgraded to even 2.0.6, I recommend that you upgrade your blog ASAP, because all versions prior to 2.0.6 have a big security bug.
If you are already running 2.0.6, then you only need to upload these files:
- wp-admin/inline-uploading.php
- wp-admin/post.php
- wp-includes/classes.php
- wp-includes/functions.php
- wp-settings.php
- wp-includes/version.php
Changes since 2.0.6 from the dev-blog:
- Security fix for wp_unregister_GLOBALS() to work around the zend_hash_del_key_or_index bug in PHP 4 versions less than 4.4.3 and PHP 5 versions less than 5.1.4 with register_globals set to "On".
- Feeds now properly serve 304 Not Modified headers instead of mismatched 200/304 headers (a.k.a. the FeedBurner bug).
- Backport of another 304 Not Modified fix from WordPress 2.1
- Deleting WordPress Pages no longer gives an "Are You Sure?" prompt.
- After deleting a WordPress Page, you are now properly redirected to the Edit Pages screen.
- Sending an image at original size in Internet Explorer no longer adds an incorrect
height
attribute.
Like I stated, please do upgrade your version of WordPress ASAP to ensure that you blog is safe and secure.