On February 7, 2011, WordPress 3.0.5 was released to the public. This is a security update for all previous WordPress versions.
For version 3.0.5, the database version (db_version in wp_options) remained at 15477.
Installation/Update Information
To download WordPress 3.0.5, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.
For step-by-step instructions on installing and updating WordPress:
If you are new to WordPress, we recommend that you begin with the following:
- New To WordPress – Where to Start
- First Steps With WordPress or Upgrading WordPress Extended
- WordPress Lessons
Summary
- Fix XSS bug: Properly encode title used in Quick/Bulk Edit, and offer additional sanitization to various fields. Affects users of the Author or Contributor role. (r17397, r17406, r17412)
- Fix XSS bug: Preserve tag escaping in the tags meta box. Affects users of the Author or Contributor role. (r17401)
- Fix potential information disclosure of posts through the media uploader. Affects users of the Author role. (r17393)
- Enhancement: Force HTML filtering on comment text in the admin (r17400)
- Enhancement: Harden check_admin_referer() when called without arguments, which plugins should avoid. (r17387)
- Update the license to GPLv2 (or later) and update copyright information for the KSES library.
List of Files Revised
wp-includes/default-filters.php
wp-includes/version.php
wp-includes/pluggable.php
wp-includes/kses.php
wp-includes/script-loader.php
readme.html
wp-admin/includes/post.php
wp-admin/includes/update-core.php
wp-admin/includes/template.php
wp-admin/js/post.dev.js
wp-admin/js/post.js
wp-admin/async-upload.php