wordpress 2.0.2 Security Release
An important security issue has been brought to the attention of the WordPress team and we have worked diligently to bring you a new stable release that addresses it. Our latest version 2.0.2 contains several bugfixes and security fixes.
The problems addressed are unannounced XSS issues privately discovered and reported to the WordPress team. Thanks to Mark Jaquith, Robert Deaton, and David House for assisting with this release.
Just a quick note: this is different than the snake-oil reports that went out on some security lists a few days ago. There were a couple, but they were either not actual security problems, too small to warrant a release, or just patently false. Remember: just because you read it on a mailing list doesn’t mean that it’s true. We’d be the first people to panic if there was an actual problem.
As always, when something serious crosses our desks we jump on it and get a well-tested release out as soon as possible.
Upgrade 2.0.1 to 2.0.2
This is a security upgrade. Information can be found in the WordPress Dev Blog 2.0.2 Announcement (http://wordpress.org/development/2006/03/security-202/).
It is NOT necessary to run install.php or upgrade.php as no changes are made to the database. As with all WordPress upgrades, the contents of your /wp-content/ folder should remain intact and unchanged.
- Delete /wp-admin/ folder.
- Delete /wp-includes/ folder. Note: You must backup /wp-includes/languages/ directory if exists.
- Delete all the wordpress files in the root directory where the root index.php file is found. DO NOT DELETE wp-config.php.
- Download and extract the new version.
- Upload it to the appropriate folders such as /wp-admin/ and /wp-includes/.
- Upload all the files in the root directory.
- If existed, restore /wp-includes/languages/ directory
Volunteers are assisting with problems on the WordPress Support Forums (http://wordpress.org/support/) and there is useful information in the 2.0.2 upgrade thread (http://wordpress.org/support/topic/64309).