WordPress 3.0.2 Released

in Blog

Yesterday WordPress announced the release of WordPress 3.0.2, their 2nd major update to the groundbreaking WordPress 3.0.

The biggest update on this release was addressing the problem where an author level user could gain further access to your site. The following problems were also fixed:

  • emove pingback/trackback blogroll whitelisting feature as it can easily be abused.
  • Fix canonical redirection for permalinks containing %category% with nested categories and paging.
  • Fix occasional irrelevant error messages on plugin activation.
  • Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin.
  • Clarify the license in the readme
  • Multisite: Fix the delete_user meta capability
  • Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins
  • Multisite: Fix ms-files.php content type headers when requesting a URL with a query string
  • Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs

The author level security issue could be quite a big problem so I recommend you all update to 3.0.2 through your admin area or via FTP when you have time.

Good luck,

WordPress 3.0.2: Announcement | Changes | Download

Comments (2)

  • Comment by Kevin Muldoon
    Kevin Muldoon

    I’m not sure what’s happened. I would ask your host to reset your ftp password and try again.

  • Comment by Dean Saliba
    Dean Saliba

    Am I the only one who suffered problems after installing this upgrade?

    I installed this update on three test blogs and when the upgrade was complete I was unable to access the main page, the admin page or even the FTP.

    I contacted my hostâ€â„¢s support and they said those three blogs had somehow had their permissions changed. Didnâ€â„¢t happen to any of my others that did not receive the upgrade. :/