WordPress 于WP官方博客时间2010年12月29日,北京时间2010年12月30日发布了WordPress 3.0.4版本,该版本主要是对前一版本一些BUG的更新修复,这次的更新修复了以往版本使用的叫做 KSES 的 HTML 转义库(HTML sanitation library)的重大问题。博客吧转下WP官方博客原文内容。
WordPress 官方博客原文:
Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”
I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.
If you are a security researcher, we’d appreciate you taking a look over this changeset as well to review our update. We’ve given it a lot of thought and review but since this is so core we want as many brains on it as possible. Thanks to Mauro Gentile and Jon Cave (duck_) who discovered and alerted us to these XSS vulnerabilities first.
内容大致意思:WordPress 3.0.4版本发布,该版本修复了以往版本使用的叫做 KSES 的 HTML 转义库(HTML sanitation library)的重大问题。这是个重要的安全更新,建议WP博主尽快更新。然后就是对节日之际发布更新表示抱歉,但这个更新确实很重要,所以希望用户尽快更新。然后对发现该漏洞的Mauro Gentile 和 Jon Cave表示感谢。该次更新可以通过WP后台控制面板进行更新。
提醒:看官方博文内容的说明,可见该次更新真的很重要,所以博客吧建议尽快更新。