wordpress2.0.6刚出不久就有feedburner bug,现在又有hacker发现2.0.6的SQL注入漏洞。
别不信邪,还是先用着wordpress2.0.7RC1吧。
WordPress2.0.7RC1 change:
1. worked around a PHP bug for PHP4 < 4.4.3 and PHP5 < 5.1.4 with
register_globals ON
that could lead to SQL injection or other security breaches
2. Feeds should properly show 304 Not Modified headers (a.k.a. the
FeedBurner bug)
instead of mismatched 200/304 headers
3. Backport of another 304 Not Modified fix from trunk (Etag
mismatch on certain hosts would
cause 200 OK and content to always be served, a waste of bandwidth)
4. Deleting WP Pages no longer gives an “Are You Sure?” prompt
5. After deleting a WP Page, you are properly redirected to the Edit
Pages screen
6. Sending an image at original size in IE no longer adds an
incorrect “height” attribute