Blogging Fool

Automattic just won’t let anything slide, now will its community of developers and users. The fourth in a series of .1 updates created to address possible security issues that could be exploited by malicious users or even registered contributors, WP 2.8.5 includes the following key changes:

* A fix for the Trackback Denial-of-Service attack that is currently being seen.
* Removal of areas within the code where php code in variables was evaluated.
* Switched the file upload functionality to be whitelisted for all users including Admins.
* Retiring of the two importers of Tag data from old plugins.

The update for custom WordPress installation can be easily applied from the admin panel and it is strongly recommended that you do. When last we check, there was even a 2.8.6 release cooking. We may have to wait just a little longer for 2.9 but at least we will sleep more soundly knowing that the doors have been locked.