Thread: WordPress Critical Update - 3.0.4

WordPress Critical Update - 3.0.4

***Hot off the Press***

Update WordPress immediately! Critical! Mandatory! Call it what you want - bottom line, UPDATE!

Although this update has nothing to do with your AppThemes, we don't want to see anyone's hard work with CP or JR compromised because of it. Please take a few minutes to upgrade your WordPress to the latest version, right now!

If you're already running 3.0.3, only a few files are updated, here's the list from one of my installs:

• wp-includes/version.php
• wp-includes/formatting.php
• wp-includes/kses.php
• readme.html
• wp-admin/includes/update-core.php

The update will not affect your theme. Disable all plugins, update WordPress, enable all plugins.


Note: If you're on DreamHost read this: http://www.dreamhoststatus.com/2010/...ustomer-sites/ (12/29/10)
Note: If you're running WordPress 3.1-RC1, update to the current nightly release to receive the fix that was included in 3.0.4. (12/29/10)

References:
WordPress.org News Release
WordPress.org Codex (now updated)

Thanks for the heads up on this

Yeah thanks for the quick post.

Also, if you host your WordPress instance in the cloud (W3 Total Cache plugin), make sure to update it there too.

Thanks.. already updated

Sorry dont want to sound like a twit - just curious - why dont we just not update to WP3.0.4 and wait until there is a major release like 3.1.0 and then update WP+JR or CP?

Normally it's ok to wait for the next major release but this one patches a critical WordPress security issue.

Once hackers figure this out, they'll launch their automated scripts to scour the web looking for older WP instances. You don't want to be on their list.

It's better to be safe than sorry and update now.

It patches an XSS security bug in kses.php, which sanitizes posts. Left open (unpatched) it leaves an open door to monsters, like base64. Yes, eval(base64) is still going around. It lives because users don't patch their installations!

Look at the top post in this thread.. only a few files are actually modified and those are critical!

If we have already updated to Wordpress 3.0.4 does that correct the issue? or is it to correct a problem in that release? I am on board with fixing whatever needs fixing, just a little confused.

Yep. You're fine then.