Double dose: WordPress 3.0.5 and 3.1 RC4 Released


WordPress 3.1 & 3.0.5

Andrew Nacin posted on the official blog this evening that a “security hardening update” is available for all WordPress users.

On the cusp of WordPress 3.1, this security update is being applied to both 3.0.5 and 3.1 RC4. Two of the security fixes prevent author and contributor-level users from accessing unauthorized levels of a site. A third fix prevents author-level users from viewing draft and private posts by other authors. Finally, two “security enhancements” were made: one for plugins that don’t use the WordPress security API and the other to further harden security from a previous release, which I assume to be the fix for 3.0.4.

The 3.1 Release Candidate 4 also includes some small bug fixes. I think it’s safe to say we are quite close to the branch release of 3.1, mostly because Nacin tells us so in the haiku 🙂 :

Three point oh point five
Enhances security
Three point one comes soon

As always, if you find a bug, and the WordPress team would very much like for you to test for them, you can report them to the Alpha / Beta forum, submit on Trac, or mail the WP-testers mailing list.

As a final note, Nacin thanked “Nils Jueneman and Saddy for their private and responsible disclosures to [email protected] for two of the issues.” I have little doubt that he specifically noted his appreciation for their disclosure method because of how the 3.0.4 release went down in December.

So what are you waiting on? Go and update your site from the dashboard or download your version of choice from the original post.

2 thoughts on “Double dose: WordPress 3.0.5 and 3.1 RC4 Released

  1. FYI, a bug has actually been found, and it’s annoying enough for Mark to have come up with a rather clever solution.

    There’s a new plugin called “Hotfix”:

    This plugin will be kept up-to-date with fixes for minor issues if and when they crop up from time to time. Sometimes it will do nothing. Other times it will fix minor problems that aren’t worth doing a full release for. Regardless, you can install it everywhere and just keep it up to date instead of having to have the team push full releases all the time.

Comments are closed.