In light of the recently reported cross–site scripting vulnerabilities in WordPress, version 2.0.6 has been released to address the said issues in the templates.php file as detailed in these entries from Operation N and Security Focus. (As cited in our related coverage.)
Along with the aforementioned fixes, changes were made specific to the comments system, now filtering for input that may ruin layouts and markup. Also listed in the summary of changes is the compatibility for PHP/FastCGI setups and the now functional HTML quicktags for Safari browsers.
But as of writing, the 2.0.6 update is not without problems. Mark Jaquith was quick to point out the possible problem with Feedburner feeds. Apparently, fixes made to the 2.0.5 code has triggered another problem that may affect a different set of users. He offers a solution, and cites related entries from The NeoSmart Files and K-Squared Ramblings, both with more details on the problem and more importantly, how to fix them, now. With the almost–instant response to this last–minute problem, Lorelle was quick to point out how well the community of WordPress developers are addressing reported problems and vulnerabilities.
If you’re upgrading this soon, be sure to backup your database (and files) beforehand and note whatever hacks to the core code you may have made before. I typically defer upgrading for a few more days to check for early–adopter problems like this. If you’d rather upgrade now, watch out for reports on new issues, be it security or performance–related. Again: backup, backup!
