{"id":462,"date":"2008-11-25T17:33:56","date_gmt":"2008-11-25T17:33:56","guid":{"rendered":"http:\/\/wordpress.org\/development\/?p=462"},"modified":"2021-06-04T11:59:24","modified_gmt":"2021-06-04T11:59:24","slug":"wordpress-265","status":"publish","type":"post","link":"https:\/\/wordpress.org\/news\/2008\/11\/wordpress-265\/","title":{"rendered":"WordPress 2.6.5"},"content":{"rendered":"

WordPress 2.6.5 is immediately available and fixes one security problem and three bugs<\/a>. We recommend everyone upgrade to this release.<\/p>\n

The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes\/feed.php<\/code> and wp-includes\/version.php<\/code> from the 2.6.5 release package.<\/p>\n

2.6.5 contains three other small fixes in addition to the XSS fix.\u00a0The first prevents accidentally saving post meta information to a revision.\u00a0The second prevents XML-RPC from fetching incorrect post types.\u00a0The third adds some user ID sanitization during bulk delete requests.\u00a0For a list of changed files, consult the full changeset<\/a> between 2.6.3 and 2.6.5.<\/p>\n

Note that we are skipping version 2.6.4 and jumping from 2.6.3 to 2.6.5 to avoid confusion with a fake 2.6.4 release that made the rounds.\u00a0There is not and never will be a version 2.6.4.<\/p>\n

Get WordPress 2.6.5<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

WordPress 2.6.5 is immediately available and fixes one security problem and three bugs. We recommend everyone upgrade to this release. The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes\/feed.php and wp-includes\/version.php […]<\/p>\n","protected":false},"author":655,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"episode_type":"","audio_file":"","cover_image":"","cover_image_id":"","duration":"","filesize":"","date_recorded":"","explicit":"","block":"","filesize_raw":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[5],"tags":[],"class_list":["post-462","post","type-post","status-publish","format-standard","hentry","category-development"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pZhYe-7s","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts\/462","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/users\/655"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/comments?post=462"}],"version-history":[{"count":1,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts\/462\/revisions"}],"predecessor-version":[{"id":10637,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/posts\/462\/revisions\/10637"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/media?parent=462"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/categories?post=462"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.org\/news\/wp-json\/wp\/v2\/tags?post=462"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}