不出意外的话，WordPress 3.0.4 应该是2010年最后一个正式发布的版本了，新的版本仍然是安全性更新，而且这一次是修复HTML sanitation library中的核心漏洞，并被评定为关键漏洞。后台自动更新已经推送，更新版本不影响本地化翻译。当然也可以耐心等待官方中文版的更新推送。

WordPress更新频繁还是会觉得有些不便的，千万别弄的和Windows系统那样，变成每月一更新。不过话说回来，安全这种问题，经历过自然会感觉到它的重要性……

更新日志

• Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”
• I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.
• If you are a security researcher, we’d appreciate you taking a look over this changeset as well to review our update. We’ve given it a lot of thought and review but since this is so core we want as many brains on it as possible. Thanks to Mauro Gentile and Jon Cave (duck_) who discovered and alerted us to these XSS vulnerabilities first.

相关下载

• zip | tar.gz