WordPress 2.8.6 Security Release

WordPress 2.8.6 is available for download. It’s another security release and was released two days ago. Below is a summary from the WordPress development blog:

2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

You can download WordPress 2.8.6 here.

You might like these posts too::

  1. WordPress 2.8.4 Security Release
  2. WordPress 2.3.2 Urgent Security Release
  3. WordPress 2.3.3 Security Release
  4. WordPress 2.0.6 Important Security Update
  5. WordPress 2.8.5: Hardening Release

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>