The WordPress development team have released a security update to the 2.8 series of the popular blog platform.
A number of the changes that are outlined below were back ported in order to provide enhanced security for the 2.8 series while the team works hard on 2.9.
The headline changes in this release are:
- A fix for the Trackback Denial-of-Service attack that is currently being seen.
- Removal of areas within the code where php code in variables was evaluated.
- Switched the file upload functionality to be whitelisted for all users including Admins.
- Retiring of the two importers of Tag data from old plugins.
You can learn more here.