MDLog:/sysadmin

The Journal Of A Linux Sysadmin

WordPress 2.3.3 - Urgent Security Release


WordPress 2.3.3 was released today, and it is an urgent security release. A flaw was found in the XML-RPC implementation: if you have registration enabled, a specially crafted request would allow a user to edit posts of other users on that blog.

Anyone running the 2.3 branch is advised to upgrade immediately to 2.3.3. Official WordPress announcement: http://wordpress.org/development/2008/02/wordpress-233/

As always, you can download the latest WordPress version from: http://wordpress.org/download/

Note: I must say that I am very happy since I switched to the Subversion method to update WordPress. This is indeed very easy, and if you are managing several WordPress installations this should help a lot in keeping them updated:

svn sw http://svn.automattic.com/wordpress/tags/2.3.3/
U    wp-includes/gettext.php
U    wp-includes/gettext.php
U    wp-includes/version.php
U    wp-includes/pluggable.php
U    xmlrpc.php
U    wp-admin/install-helper.php
Updated to revision 6730.
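
For several installations, the same switch can be driven by an audit of each tree's wp-includes/version.php. The script below is an added example, not part of the original post. It assumes every path passed to it is a Subversion working copy of WordPress and that version.php holds a line of the form `$wp_version = '2.3.2';`. The `APPLY` variable and the function names are hypothetical.

```sh
#!/bin/sh
# Audit WordPress trees for 2.3-branch versions older than 2.3.3 and,
# when APPLY=1, switch each flagged working copy to the 2.3.3 tag.
TAG_URL="http://svn.automattic.com/wordpress/tags/2.3.3/"

# Print the value of $wp_version for the tree at $1 (empty if not found).
wp_version() {
    f="$1/wp-includes/version.php"
    [ -f "$f" ] || return 0
    sed -n "s/^[\$]wp_version *= *'\([^']*\)'.*/\1/p" "$f" | head -n 1
}

# Succeed when the version is on the 2.3 branch and older than 2.3.3.
needs_233() {
    case "$1" in
        2.3|2.3.[0-2]|2.3-*|2.3.[0-2]-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report one status line per tree: UPGRADE, OK or UNKNOWN.
audit() {
    for d in "$@"; do
        v=$(wp_version "$d")
        if [ -z "$v" ]; then
            echo "UNKNOWN $d"
        elif needs_233 "$v"; then
            echo "UPGRADE $d $v"
            if [ "${APPLY:-0}" = 1 ]; then
                (cd "$d" && svn sw "$TAG_URL")
                # Confirm the switch actually landed on 2.3.3.
                [ "$(wp_version "$d")" = "2.3.3" ] || echo "FAILED $d"
            fi
        else
            echo "OK $d $v"
        fi
    done
}

# Run against the paths given on the command line, if any.
if [ "$#" -gt 0 ]; then audit "$@"; fi
```

Run it first without `APPLY` to see which trees are flagged, then with `APPLY=1` to switch them.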
