WordPress 2.6.5 Security Upgrade

WordPress 2.6.5 is now available for download. I know some of you guys aren’t too keen on going through another security upgrade and would want to hold off upgrading until 2.7 gets released. The Automattic team, however, is recommending that everyone upgrades immediately. But According to the update page,

The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.

2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests. For a list of changed files, consult the full changeset between 2.6.3 and 2.6.5.

So there you have it guys. Don’t hold off upgrading because you want WordPress 2.7 to be your next version of WordPress. You can download WordPress 2.6.5 here or you can use the Automatic Upgrade plugin if you’re not too keen on manually uploading the files.