WordPress 3.0.2 Security Release




Just a few minutes ago, the WordPress dev team released WordPress 3.0.2, a mandatory security update for all self-hosted WordPress blogs.

WordPress 3.0.2 addresses a moderate security issue that could allow a malicious user with Author-level privileges to gain further access to the whole site/blog. This version also fixes several bugs and adds additional security enhancements.

WordPress 3.0.2 Bugs and Security Fixes

  • Remove pingback/trackback blogroll whitelisting feature as it can easily be abused.
  • Fix canonical redirection for permalinks containing %category% with nested categories and paging.
  • Fix occasional irrelevant error messages on plugin activation.
  • Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin.
  • Clarify the license in the readme.
  • Multisite: Fix the delete_user meta capability.
  • Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins.
  • Multisite: Fix ms-files.php content type headers when requesting a URL with a query string.
  • Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs.

WordPress 3.0.2 List of Revised Files

  • wp-includes/ms-files.php
  • wp-includes/version.php
  • wp-includes/comment.php
  • wp-includes/functions.php
  • wp-includes/load.php
  • wp-includes/canonical.php
  • wp-includes/capabilities.php
  • readme.html
  • wp-admin/includes/plugin.php
  • wp-admin/includes/file.php
  • wp-admin/includes/update-core.php
  • wp-admin/plugins.php

If you have the time to do it now, don’t wait: upgrade your WordPress installation to WordPress 3.0.2 immediately, especially if your blog has several Author-level users. The WordPress dev team recommends that you upgrade immediately even if you don’t have other users or untrusted users.

You can download WordPress 3.0.2 manually from WordPress.org or do it automatically via the WordPress admin panel – Dashboard > Updates.

Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Google+, Facebook or Twitter.

4 Comments

  1. JP Habaradas

    December 6, 2010 at 5:40 AM

    @zammaz – The auto-upgrade feature via the dashboard is secure but personally, I prefer to do the upgrade manually. :)

  2. zammax

    December 6, 2010 at 5:39 AM

    Is it secure if I update directly from the dashboard? I am afraid of errors like my friends’ blog.

  3. JP Habaradas

    December 2, 2010 at 9:20 AM

    @Sourish – Are you doing the upgrade manually or automatically? If this is the first time you experienced this type of problem then yeah, it’s best to talk to your webhost. There might have been some file permission changes done to your server without your knowledge.

    Btw, who’s your webhosting provider?

  4. Sourish @ Jailbreak Iphone 4

    December 2, 2010 at 9:16 AM

    Still having issues with the upgrade here, the installer will stop in the middle of the upgrade and show some write error or permissions…

    Need to talk to my web host… that is the problem with VPS… you have to do it all yourself…
