WordPress version 2.6.5 has just been released, and addresses a fairly major (but rare) vulnerability, along with a few other minor bug fixes.
There was no 2.6.4 released — there was a fake 2.6.4 out there, so the WP team decided to name this one 2.6.5 to avoid confusion. If you’re already on 2.6.3, there are only three files you’ll need to update:
- wp-includes/post.php
- wp-includes/version.php
- wp-includes/feed.php
- xmlrpc.php
- wp-admin/users.php
I just upgraded a handful of sites (including this one) and there’s nothing to it. While it’s unlikely you’ll be affected by this vulnerability, you’d be foolish not to spend a few minutes upgrading. 2.6.5 can be downloaded here.
