You need to update to 3.0.4 if you haven’t already.

If you’re relatively current, this won’t break anything, but it’ll protect you from a “critical” vulnerability. From Matt Mullenweg:

Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”

I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well.

SiliconANGLE managed sites have all been updated. If you’re running a self-managed WordPress instance, you need to run the update yourself.

[Cross-posted to SA Media Labs.]

%d bloggers like this: