WordPress MU, the multi blog version of WordPress that runs on such sites as WordPress.com has been updated to version 2.6.5 to address an XSS vulnerability in the feeds offered to users.
More details will be forthcoming but for the time being, there’s also the WordPress.org announcement post.
This release also has a number of bug fixes, including a fix and improvements to rss caching. This is a required upgrade, so please install it as soon as you can.
After you’ve upgraded, check out the nominations for the 2008 WPMU Awards and vote for your favourite!
- Issues with clients seeing compressed pages incorrectly
- Cache clean up
- Warnings if Apache modules are missing
- Better support for WordPress MU. The wp-content/cache/.htaccess rules are now displayed on the admin page
- Better documentation on file locking
- WP Cache files are written to a temporary file first
- Use WP_CONTENT_URL in mod_rewrite rules generator
It also adds a number of filters:
- “supercache_dir” filter so the supercache directory can be manipulated. “wp_cache_key” cache_action to modify the key the wp-cache file is named after. Using both of these should make it easier for plugin authors to manipulate the cache based on user agent or other criteria. ie. iPhone theme? Unfortunately .htaccess rewrite rules will have to be updated manually.
- Added “wpsupercache_buffer” filter so the current page can be manipulated before being stored in the cache.