官方原文:

Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”

I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.

If you are a security researcher, we’d appreciate you taking a look over this changeset as well to review our update. We’ve given it a lot of thought and review but since this is so core we want as many brains on it as possible. Thanks to Mauro Gentile and Jon Cave (duck_) who discovered and alerted us to these XSS vulnerabilities first.

岁末将至，WordPress官方于29号发布了WorPress 3.0.4，这是一个非常重要的更新，修复了被称为KSES的HTML sanitation library中的一个核心安全问题。该更新被评为关键，建议用户立即更新。

你可通过后台进行自动更新，也可以下载文件进行手动更新。

下载地址：zip | tar.gz

WordPress 官方刚刚发布了 WordPress 3.0 系列第三个更新 WordPress 3.0.3。这是一个针对所有版本的安全更新。
WordPress 3.0.3 主要修正了一个远程发布错误。在某种情况下，这个bug会允许作者、贡献者一级的用户错误地进行编辑、发布或者删除文章。

这个问题只影响启用远程发布的WordPress网站。

默认远程发布功能是关闭的，但是你可以在WordPress控制台的“设置–撰写”里面进行设置。启用其功能可以让你通过手机或者电脑客户端软件进行文章发布。

WordPress 3.0.3 也可以通过“控制台->更新”进行升级。或者，点击这里下载 WordPress 3.0.3。

- 阅读剩余部分 -

正如WordPress官方日志所称，WordPress 3.0.2 中文版官方版如期发布WordPress 3.0.2已正式发布此版本修复了一个安全漏洞：在以往版本，拥有作者权限的用户可以通过某种方式获得站点的更高权限。

同时，修正了数个 bug、增强了安全性能。

下载:WordPress 3.0.2 官方简体中文版

WordPress 3.1 beta 1刚发布几天，WordPress就爆出了安全漏洞。WordPress官方紧急发布了WordPress 3.0.2，在后台可以看到升级提示。

最关键的是，这个安全漏洞影响到了WordPress之前发布的所有版本的WordPress。

WordPress安全漏洞描述：

This maintenance release fixes a moderate security issue that could allow a malicious Author-level user to gain further access to the site, addresses a handful of bugs, and provides some additional security enhancements. Big thanks to Vladimir Kolesnikov for detailed and responsible disclosure of the security issue！

WordPress 3.0.2的发布主要修复一个常规的安全漏洞，这个漏洞可以让别有目的的用户获得更多的用户数据，3.0.2的发布，除了修复了这个功能，对WordPress常规的安全也做了更新，使得WordPress更加安全。

感谢Vladimir Kolesnikov为这个安全漏洞提供详细的说明。

WordPress 3.0.2 下载地址：http://wordpress.org/latest.zip

官方原文

Posted November 30, 2010 by Mark Jaquith. Filed under Releases,Security.

WordPress 3.0.2 is available and is a mandatory security update for all previous WordPress versions. Haiku has become traditional:

Fixed on day zero
One-click update makes you safe
This used to be hard

This maintenance release fixes a moderate security issue that could allow a malicious Author-level user to gain further access to the site, addresses a handful of bugs, and provides some additional security enhancements. Big thanks to Vladimir Kolesnikov for detailed and responsible disclosure of the security issue!

Download 3.0.2 or update automatically from the Dashboard > Updates menu in your site’s admin area. You should update immediately even if you do not have untrusted users.