WordPress 3.0.4 is out


A new version of WordPress, 3.0.4, is out and the WordPress team is strongly encouraging WP users to update.

This update has to do with KSES (http://sourceforge.net/projects/kses/) the html sanitation library used in the WP core and fixes a XSS vulnerability.

As serious as XSS vulnerabilities can be, it’s probably a good idea to apply this update as soon as you can. The WordPress automatic update makes applying these updates pretty much painless if your site supports it. Otherwise, unpack the zip file and push it up via FTP, SCP, SSH, etc. Since this is not a major version update, I don’t find it necessary to remove all core WP files before pushing the new ones up. If you are selective about which files you push up while updating, make sure you upload all the files in the root folder. Even if you push all files in wp-admin and wp-includes, the file which tells WP which version is installed is in the root so if it’s not pushed up WP will not recognize that it has been updated.

Leave a Reply