As many of you know, WordPress is by far my favorite blogging platform (and the one that I use for this blog).

Three days ago, WordPress 2.6.5 was released, and according to the post on, it contains one security fix and three bug fixes.

From their site:

The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.

2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests. For a list of changed files, consult the full changeset between 2.6.3 and 2.6.5.

You can download the latest package from

Nathan Malone

P.S. I am currently able to accept a limited number of additional clients for my PHP Development services. Interested in discussing the possibility of my handling your project for you? Contact me!

Filed under: Uncategorized