WordPress.org

Codex

Interested in functions, hooks, classes, or methods? Check out the new WordPress Code Reference!

Version 3.0.4

On December 29, 2010, WordPress 3.0.4 was released to the public. This is a critical security update for all previous WordPress versions.

For version 3.0.4, the database version (db_version in wp_options) remained at 15477.

Installation/Update Information

To download WordPress 3.0.4, update automatically from the Dashboard > Updates menu in your site's admin area or visit http://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

  • Fix XSS vulnerabilities in the KSES library: Don't be case sensitive to attribute names. Handle padded entities when checking for bad protocols. Normalize entities before checking for bad protocols in esc_url(). (r17172)

List of Files Revised

wp-includes/version.php
wp-includes/formatting.php
wp-includes/kses.php
readme.html
wp-admin/includes/update-core.php
See also: other WordPress Versions.