A new version, unlike others – WP 2.6.5 hits the digital ’streets’ and it is worth an update.

It fixes some minor issues, but one major security one – a XSS (cross-site scripting exploit) issue. Because of that problem, it’s worth updating ASAP.

While the details are quite technical, it involves an unsanitized $_SERVER variable and the WordPress feeds output (Both Atom feeds and RSS 2.0). Just like unwashed hands spreading germs, uncleaned data from the server can have nasty surprises in them – and the feeds code doesn’t clean it well enough (until 2.6.5 that is). Any included ’surprise’ can then possibly affect all viewers of the feed (if you’re interested in the technical bulletin, you can read them at infosecurity).

Unlike most updates, I found myself in a hurry to upgrade with this one, so much so that I’ve already updated all my blogs, both WP single user and Multiuser (MU) – not a fun task, I can tell you (although since it happens so often, if you find yourself with a number of blogs as well, it pays to add the ‘WordPress Automatic Upgrade‘ plugin when you first set them up – it makes updates quite a bit simpler, especially if you aren’t technically inclined – or inclined to be technical).

You can get 2.6.5 from the WorPress site at WordPress.og