Critical update for WordPress
A critical update has been made available for WordPress in the form of version 3.0.4. The update fixes a security bug in WordPress's KSES library which performs HTML sanitisation within the publishing platform.
WordPress's Matt Mullenweg said of the update: "I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for". Mullenweg also invited security researchers to look over the changeset and give feedback, and thanked Mauro Gentile and Jon Cave who discovered the XSS vulnerabilities.
The update to the GPL licensed WordPress should be available in the WordPress dashboard or can be downloaded from Wordpress.org.
(djwm)