Yet another update of WordPress has been posted yesterday: WordPress 2.0.7.
Here is what the WordPress official blog has to say:
Recently a bug in certain versions of PHP came to our attention that could cause a security vulnerability in your blog. We’re able to work around it fairly easily, so we’ve decided to release 2.0.7 to fix the PHP security problem and the Feedburner issue that was in 2.0.6.
Here are the changes which the above comment mentions:
- Security fix for wp_unregister_GLOBALS() to work around the zend_hash_del_key_or_index bug in PHP 4 versions less than 4.4.3 and PHP 5 versions less than 5.1.4 with register_globals set to “On.”
- Feeds now properly serve 304 Not Modified headers instead of mismatched 200/304 headers (a.k.a. the FeedBurner bug).
For a full list of changes since 2.0.6, please have a look at the original post with WordPress 2.0.7 announcement.
You can't be too secure, and with this in mind I've just updated both my WordPress-based blogs and strongly suggest you do the same.