On November 30, 2010, WordPress 3.0.2 was released to the public. In this release they introduced the major security updates. The WordPress development team has released version 3.0.2 of their popular open source blogging and publishing platform, a maintenance and security update for the 3.0.x branch of WordPress.
wordpress 3.0.2 released.
You can download new wordpress version from.
http://wordpress.org/download/
WordPress has released a new version, 3.0.2, to fix a SQL injection flaw. This flaw is in all previous versions of the codebase according to reports, which means that if you are running WordPress, you must update. This exploit is possible with author-level permissions but personally I would not depend on this to protect myself.
The WordPress development team has released version 3.0.2 of their popular open source blogging and publishing platform, a maintenance and security update for the 3.0.x branch of WordPress
With the 3.0.2 version wordpress fixed following issues.
- Fix moderate security issue where a malicious Author-level user could gain further access to the site. (r16625)
Other bugs and security hardening:
- Remove pingback/trackback blogroll whitelisting feature as it can easily be abused. (#13887)
- Fix canonical redirection for permalinks containing %category% with nested categories and paging. (#13471)
- Fix occasional irrelevant error messages on plugin activation. (#15062)
- Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin. (r16367, r16373)
- Clarify the license in the readme (r15534)
- Multisite: Fix the delete_user meta capability (r15562)
- Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins (#15122)
- Multisite: Fix ms-files.php content type headers when requesting a URL with a query string (#14450)
- Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs (#14536)