官方原文:

Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”

I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.

If you are a security researcher, we’d appreciate you taking a look over this changeset as well to review our update. We’ve given it a lot of thought and review but since this is so core we want as many brains on it as possible. Thanks to Mauro Gentile and Jon Cave (duck_) who discovered and alerted us to these XSS vulnerabilities first.

岁末将至,WordPress官方于29号发布了WorPress 3.0.4,这是一个非常重要的更新,修复了被称为KSES的HTML sanitation library中的一个核心安全问题。该更新被评为关键,建议用户立即更新。

你可通过后台进行自动更新,也可以下载文件进行手动更新。

下载地址:ziptar.gz

标签: WordPress, 安全更新

已有 4 条评论

  1. choco choco

    嘿嘿,已经更新了——自从上次在这找到了imagevue的最新版,就很喜欢来看看这个blog

    回复
    1. 小兔 小兔

      欢迎 欢迎.

      回复
  2. cgrabbit cgrabbit

    我也是兔子。。呵呵!

    回复
    1. 小兔 小兔

      欺负兔兔啦,你不是兔兔,我才算

      回复

添加新评论