The WordPress dev team just released WordPress version 2.9.2 a few minutes ago. This is a security release that addresses an issue where logged in users can peek or view “trashed” posts that belong to other users or authors.
For those who aren’t familiar, one of the new features included in the release of WordPress 2.9 is the “trash status” for posts, pages and comments. With this feature, users have the option recover or permanently delete posts, pages and comments that have been deleted.
If you’re running WordPress 2.9 or 2.9.1 and have a multi-authored blog or have registered users whom you don’t trust, then you need to immediately upgrade your install to WordPress 2.9.2. You can do the upgrade automatically via the WordPress dashboard – Tools > Upgrade menu or do it manually.
As a safety precaution, I recommend that you create a backup of your WordPress database as well as make backup copies of your wp-config.php file, .htaccess file, wp-content folder and any other important or custom files that you have on your web server. It’s always good to have backups of these files just in case something goes wrong, you will have something to revert to.
Anyone else who has already upgraded to WordPress 2.9.2?