Version 3.0.4

On December 29, 2010, WordPress 3.0.4 was released to the public. This is a critical security update for all previous WordPress versions.

For version 3.0.4, the database version (db_version in wp_options) remained at 15477.

Installation/Update Information

To download WordPress 3.0.4, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

  • Fix XSS vulnerabilities in the KSES library: Don’t be case sensitive to attribute names. Handle padded entities when checking for bad protocols. Normalize entities before checking for bad protocols in esc_url(). (r17172)

List of Files Revised

wp-includes/version.php 
wp-includes/formatting.php
wp-includes/kses.php
readme.html
wp-admin/includes/update-core.php

First published

Last updated