官方原文:

Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”

I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.

If you are a security researcher, we’d appreciate you taking a look over this changeset as well to review our update. We’ve given it a lot of thought and review but since this is so core we want as many brains on it as possible. Thanks to Mauro Gentile and Jon Cave (duck_) who discovered and alerted us to these XSS vulnerabilities first.

岁末将至，WordPress官方于29号发布了WorPress 3.0.4，这是一个非常重要的更新，修复了被称为KSES的HTML sanitation library中的一个核心安全问题。该更新被评为关键，建议用户立即更新。

你可通过后台进行自动更新，也可以下载文件进行手动更新。

下载地址：zip | tar.gz

What news:

This release focuses on a brand new admin, with new features, improved functionality and a new design. Main features at a glance:

* Brand new admin
* XML Cache Speeds up the gallery
* Manual Sorting Drag-and-drop for folders and images
* Rename the iv-includes/ (admin) folder
* Folder Password Protection
* Uploader Image Resizer
* Imagevue authorization
* Folder Parameters
* Fixed a few bugs in the gallery, and added loads of new features.

- 阅读剩余部分 -

What news:

This release focuses on a brand new admin, with new features, improved functionality and a new design. Main features at a glance:

* Brand new admin
* XML Cache Speeds up the gallery
* Manual Sorting Drag-and-drop for folders and images
* Rename the iv-includes/ (admin) folder
* Folder Password Protection
* Uploader Image Resizer
* Imagevue authorization
* Folder Parameters
* Fixed a few bugs in the gallery, and added loads of new features.

- 阅读剩余部分 -

What news:

SMTP Support and general fixes

* SMTP Emails, now you can send emails using your mail account
* You can't edit default themes directly anymore
* Safari 5 fix
* Bulgarian language added
* Various fixes for problems collected in forum

- 阅读剩余部分 -

WordPress 官方刚刚发布了 WordPress 3.0 系列第三个更新 WordPress 3.0.3。这是一个针对所有版本的安全更新。
WordPress 3.0.3 主要修正了一个远程发布错误。在某种情况下，这个bug会允许作者、贡献者一级的用户错误地进行编辑、发布或者删除文章。

这个问题只影响启用远程发布的WordPress网站。

默认远程发布功能是关闭的，但是你可以在WordPress控制台的“设置–撰写”里面进行设置。启用其功能可以让你通过手机或者电脑客户端软件进行文章发布。

WordPress 3.0.3 也可以通过“控制台->更新”进行升级。或者，点击这里下载 WordPress 3.0.3。