Curtiss noticed that WordPress has posted a new version of their downloadable blog software today. The update takes the latest public version of WordPress to 2.8.5. WordPress employee Peter Westwood calls this a “hardening release” and is mostly related to security.
From the announcement, the headline changes in this release are:
- A fix for the Trackback Denial-of-Service attack that is currently being seen.
- Removal of areas within the code where php code in variables was evaluated.
- Switched the file upload functionality to be whitelisted for all users including Admins.
- Retiring of the two importers of Tag data from old plugins.
WordPress suggests that you update your WordPress installations to the 2.8.5 release. You can update manually by downloading the update and reinstalling all of the files or by clicking the upgrade button inside of the WordPress admin. Always make sure to backup your database before you upgrade your blog.