Two days ago, the WordPress dev team released WordPress 3.0.5 which is a security hardening update that includes security enhancements like improved security of any plugins that didn’t properly leverage security API, additional in-depth defense against vulnerabilities, fix for a information disclosure issue that could’ve allowed author-level users to view content of drafts & private posts and a bug fix for an issue that could’ve allowed contributor or author-level users to gain further access to the website/blog.
WordPress 3.0.5 did its job of fixing the security issues and bugs but it also created a small glitch that stripped advanced HTML from comments. Here’s Mark Jaquith’s explanation about the WordPress 3.0.5 bug.
One of the security fixes for WordPress 3.0.5 was overzealous. It fixed the issue, but it also stripped advanced HTML (on display, not save, thankfully) from comments by people with the unfiltered_html capability. It’s sort of a rare bug – doesn’t apply to multisite installs, and not many people know that Editors and Administrators on single WP installs can use images etc in comments, so we don’t think it warrants another release.
To address/fix this issue, the Akismet team included the hotfix with the release of Akismet 2.5.3. If you’re not using Akismet, you can use the newly created plugin called Hotfix that fixes the WordPress 3.0.5 bug. You might want to keep this plugin for future use as it is designed to fix selected bugs that might come with future versions of WordPress.
Still haven’t upgraded to WordPress 3.0.5? Common now! It only takes a few minutes of your time and it will save you a ton of headaches and problems. Better safe than sorry folks!
You can download WordPress 3.0.5 manually from WordPress.org or do it automatically via the WordPress admin panel — Dashboard > Updates. If you do upgrade your WordPress installation, don’t forget to download the latest version of Akismet or the Hotfix plugin so you won’t get bitten by the WordPress 3.0.5 bug.
Anybody here who’s already upgraded to WordPress 3.0.5? Anyone had issues with the WordPress 3.0.5 bug?