WordPress 2.3.3 - urgent security release
WordPress 2.3.3 was released today, and it is an urgent security release. If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog.
Anyone running the 2.3 branch is recommended to upgrade immediately to 2.3.3. Official wp announcement: http://wordpress.org/development/2008/02/wordpress-233/
As always, you can download the latest wordpress version from: http://wordpress.org/download/
Note: I must say that I am very happy since I’ve switched to the subversion method to update wordpress. This is indeed very easy, and if you are managing several wordpress installations this should help a lot in the process to keep them updated:
svn sw http://svn.automattic.com/wordpress/tags/2.3.3/
U wp-includes/gettext.php
U wp-includes/gettext.php
U wp-includes/version.php
U wp-includes/pluggable.php
U xmlrpc.php
U wp-admin/install-helper.php
Updated to revision 6730.