A new version of WordPress has been released. This isn’t the major, extra-improved 2.9 that all WordPress developers are waiting for, but rather a minor interim release to harden existing installations against recent attack methods.
From the WordPress site:-
The headline changes in this release are:
- A fix for the Trackback Denial-of-Service attack that is currently being seen.
- Removal of areas within the code where php code in variables was evaluated.
- Switched the file upload functionality to be whitelisted for all users including Admins.
- Retiring of the two importers of Tag data from old plugins.
Though my WordPress sites haven’t fallen foul of the latest attacks, I will be rolling out this update to all my client WordPress sites (and my own) as soon as possible. Better safe than sorry.
You can download it here.