WordPress 2.0.6, a security release with an important security fix, has been released. It’s a recommended version that everyone should upgrade to, and it has probably also addressed the exploit discovered in WordPress Template.php.
- Several security fixes.
- HTML quicktags now work in Safari browsers.
- Comments are filtered to prevent them from messing up your blog layout.
- Compatibility with PHP/FastCGI setups.
- For developers, there’s a new anti-XSS function called attribute_escape(), and a new filter called “query” which allows you to filter any SQL at runtime. (Which is pretty powerful.)

Thanks to Mark Jaquith for handling this release and Stefan Esser for responsibly reporting the security issue.
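
An added example, not code from WordPress or from the original post, showing the two developer additions named in the list: attribute_escape() applied to a reflected form value, and a “query” filter used as a read-only SQL audit hook. The demo_* names and the stand-in functions are assumptions made so the file also runs under plain PHP.

```php
<?php
/*
Plugin Name: Escape and Query Audit Demo (added example)
*/

// Stand-ins so the file also runs under plain PHP, outside WordPress.
// Inside WordPress 2.0.6+ the real functions already exist and these are skipped.
if (!function_exists('attribute_escape')) {
    // Approximation only: encodes &, <, > and both quote characters.
    function attribute_escape($text) { return htmlspecialchars($text, ENT_QUOTES); }
}
if (!function_exists('add_filter')) {
    $GLOBALS['demo_filters'] = array();
    function add_filter($tag, $fn) { $GLOBALS['demo_filters'][$tag][] = $fn; }
    function apply_filters($tag, $value) {
        $fns = isset($GLOBALS['demo_filters'][$tag]) ? $GLOBALS['demo_filters'][$tag] : array();
        foreach ($fns as $fn) { $value = call_user_func($fn, $value); }
        return $value;
    }
}

// Hypothetical helper: build a search box that reflects the visitor's term.
// Without escaping, a term containing a double quote closes value="..." and
// the remainder is parsed as markup. attribute_escape() encodes it instead.
function demo_search_field($term) {
    return '<input type="text" name="s" value="' . attribute_escape($term) . '" />';
}

// Hypothetical "query" filter callback: record every statement that is not a
// plain SELECT, then return the SQL unchanged so behaviour is unaffected.
function demo_audit_query($sql) {
    if (!preg_match('/^\s*SELECT\b/i', $sql)) {
        error_log('[demo-sql-audit] ' . substr($sql, 0, 200)); // truncated to limit log size
    }
    return $sql;
}
add_filter('query', 'demo_audit_query');

// Constructed sample input, used only when run outside WordPress.
if (!defined('ABSPATH')) {
    echo demo_search_field('shoes" class="injected'), "\n";
    echo apply_filters('query', "UPDATE wp_options SET option_value = 'x' WHERE option_id = 1"), "\n";
}
```

Run outside WordPress, the first line of output shows the quote encoded as `&quot;` so the value stays inside the attribute, and the UPDATE statement is written to the PHP error log before being returned untouched.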
As an aside, it’s probably the last release before version 2.1 is out. Version 2.1 is currently in beta; if you’re interested, you can help test it by joining the beta group.