The WordPress blog software has been upgraded to version 2.8.5 to backport a number of security hardening changes to make WordPress-powered blogs more secure.
Here’s a glimpse of some of the security fixes being pushed out:
- A fix for the Trackback Denial-of-Service attack that is currently being seen.
- Removal of areas within the code where php code in variables was evaluated.
- Switched the file upload functionality to be whitelisted for all users including Admins.
- Retiring of the two importers of Tag data from old plugins.
WordPress maintainers recommend that all sites are upgraded to this new version immediately.