WordPress Lovers Rejoice
WordPress’ security release 2.8.6 is here. What changes can you WordPress lovers out there expect?
Well, according to the WordPress blog, 2.8.6 “…fixes two security problems that can be exploited by registered” users who are logged in and “have posting privileges.” “If you have un-trusted authors on your WordPress blog, upgrading to 2.8.6 is recommended.”
WordPress credits Benjamin Flesch with the discovery of a cross-site scripting (XSS) vulnerability, which, translated from geek-speak, means that attackers can bypass access controls and alter data on the site without typical permissions.
WordPress credits Dawid Golunski for uncovering the second security issue, “sanitizing uploaded file names that can be exploited in certain Apache configurations.”
Once more, Viewplicity breaks it down for the rest of us:
Simply put, sanitizing is the process of removing sensitive or private information from a document or other file so more people can have access to it. And, in the case of WordPress, this would cause file disruption, among other annoyances. But not anymore, thanks to 2.8.6.
This update was much appreciated by WordPress fans, but after checking the boards, we noticed that people are already camped out awaiting the 2.9 release like it’s Black Friday! (And some eager beavers have even been playing around with the 2.9 Beta.)
Feel free to post a comment to let us know what you think about this new security release.
