Another WordPress release has come out, this time it fixes two security bugs, but not everyone needs it:
These bugs can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.
The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations.
So essentially, if you’re just using WordPress for yourself and you’re not allowing just anyone to sign up and post, then you need not worry about updating!
To get the latest release click here.
