Just upgraded this blog to WordPress 2.5.1 as I’ve only just spotted that it’s available. Probably the most important feature is a security fix that is pretty ugly:
An attacker, who is able to register a specially crafted username on a Wordpress 2.5 installation, is able to generate authentication cookies for other chosen accounts. This vulnerability exists because it is possible to modify authentication cookies without invalidating the cryptographic integrity protection. If a Wordpress blog is configured to freely permit account creation, a remote attacker can gain Wordpress-administrator access and then elevate this to arbitrary code execution as the web server user.
However there are also a number of other enhancements including:
- Performance improvements for the Dashboard, Write Post, and Edit Comments pages.
- Better performance for those who have many categories
- Media Uploader fixes
- An upgrade to TinyMCE 3.0.7
- Widget Administration fixes
- Various usability improvements
- Layout fixes for IE
If you haven’t got it yet, now the time to upgrade
