We have a pretty important release available for everyone, it includes an
important security fix and it’s recommended that everyone upgrade. This is the
latest release in our stable 2.0 line, which we’ve committed to maintaining
for several more years. Here’s what’s new:
For developers, there’s a new anti-XSS function called attribute_escape(), and
a new filter called “query” which allows you filter any SQL at runtime.
(Which is pretty powerful.) Thanks to Mark Jaquith for handling this release and
Stefan Esser for responsibly reporting the security issue.
- The aforementioned security fixes.
- HTML quicktags now work in Safari browsers.
- Comments are filtered to prevent them from messing up your blog layout.
- Compatibility with PHP/FastCGI setups.
As a side note, this is probably our last release before 2.1 is out, which
will be our first major feature release in quite a while. 2.1 just entered beta
stage, so if you’re interested in helping out with that process consider
joining our beta group. As a reminder, if you’re a plugin or theme author you
should check your code to make sure it’s compatible with 2.1 before the
Tools and Utilities
Product page: here