WordPress has been releasing upgrades of itself quite frequently, fixing bugs and adding stuff as they go along. It wasn’t that far back when I had upgraded to version 2.8.1 and within a few weeks it went up to 2.8.5.
The latter version was stable for a while I guess but here comes 2.8.6. So, ok – tinking around with themes last evening caused some problems and I decided to download the latest version of WP just to see if it would solve it. It didn’t (turns out that it was a problem with one of the plugins that I had installed and a compatability issue with a new theme that I was trying out) but it’s what my blog is running on now.
2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended. The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations.