WordPress v2.0.7 was released just a couple of hours back with a bunch of new security fixes. This release comes within 10 days of the last one (v2.0.6) – which addressed some other vulnerabilities. This is a much smaller update requiring you to replace only a couple of files. However, WordPress stresses on the importance of undergoing this upgrade…
we think itâ€™s important enough for your blog to be secure to do it, and hopefully only having to change a few files will make the upgrade easier than normal.
The updated files are:
Here are the list of fixes…
- Security fix for
wp_unregister_GLOBALS()to work around the zend_hash_del_key_or_index bug in PHP 4 versions less than 4.4.3 and PHP 5 versions less than 5.1.4 with
register_globalsset to â€œOn.â€
- Feeds now properly serve
304 Not Modifiedheaders instead of mismatched 200/304 headers (a.k.a. the FeedBurner bug).
- Backport of another
304 Not Modifiedfix from WordPress 2.1
- Deleting WordPress Pages no longer gives an â€œAre You Sure?â€ prompt.
- After deleting a WordPress Page, you are now properly redirected to the Edit Pages screen.
- Sending an image at original size in Internet Explorer no longer adds an incorrect â€œheightâ€ attribute.
It is highly recommended that you perform this upgrade. Installation instructions can be found here.
Incidentally, WordPress 2.1 – the next major version it scheduled to be released sometime around the month-end.
Previous release coverage: WordPress 2.0.6 released with security fixes