WordPress 2.6.3 is out, it fixes a Snoopy class vulnerability.
A vulnerability in the Snoopy library was announced today. WordPress uses Snoopy to fetch the feeds shown in the Dashboard. Although this seems to be a low risk vulnerability for WordPress users, we wanted to get an update out immediately. 2.6.3 is available for download right now. If you don’t want to download the whole release to get the security fix, you can download the following two files and copy them over your 2.6.2 installation.
Replace these 2 files:
Download full version:
- Coke Studio – WP-Polls
- Ford Motor Company Global Auto Cars Shows – WP-PostRatings
- Mashable – WP-PostRatings
- MTV Buzz Worthy Blog – WP-Email
- Smashing Magazine – WP-PageNavi
- The Martha Stewart Blog – WP-Polls
- Truemors – WP-PostRatings
- Playstation Blog – WP-PostRatings
- Wall Street Journal Blog – WP-Print
- Weblog Tools Collection – WP-PostRatings
- WordPress Showcase – WP-PostRatings
- Xerox Blogs – WP-Email
- Yahoo Blog (Yodel Anecdotal) – WP-PostRatings
- ZDNet Blog – WP-Polls
Feel free to add on to the list by posting it in the comments.