The latest stable version of WordPress (version 3.0.4) was released just few hours ago. It comes with new security update as usual and also fixes core security bug in HTML. Update your blog now and see the difference yourself.
You can download WordPress 3.0.4 and update automatically from the Dashboard > Updates menu in your site’s admin area or click here.
I’d like to clear a little of the confusion up.
- To protect your WordPress blog, update immediately for every mandatory security update. This usually will not impact any WordPress Plugins or Themes, and change little in the core other than to lock up any security issues.
- WordPress 3.0.4 fixes an XSS security vulnerability bug in the
kses.phpfile that “sanitizes” posts.By upgrading immediately these holes are closed to prevent hackers.
base64hack was prevented by the release of WordPress 2.8.4. If you haven’t updated, do so now.
To Update your WordPress, follow the instructions from here.