Today I got email from Matt saying wordpress 3.0.4 version is released and we must need to update the wordpress due the major security reasons. When I checked the following article I realized the how important is wordpress 3.0.4 version.
http://wordpress.org/news/2010/12/3-0-4-update/
What Matt is saying at the end of 2010
My last message to you this year is an important but unfortunate one: we’ve fixed a pretty critical vulnerability in WordPress’ core HTML sanitation library, and because this library is used lots of places it’s important that everyone update as soon as possible.
I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.
You can update in your dashboard, on the “updates” tab, or download the latest WordPress here:
What Major Changes wordpress did in this 3.0.4 version.
They resolved following issue:
Don’t be case sensitive to attribute names. Handle padded entities when checking for bad protocols. Normalize entities before checking for bad protocols in esc_url(). Props Mauro Gentile, duck_, miqrogroove
WordPress changes the following files.
- wp-includes/formatting.php
- wp-includes/kses.php
