On November 30, 2010, WordPress 3.0.2 was released to the public. This was a mandatory security update for all previous WordPress versions.
For version 3.0.2, the database version (db_version in wp_options) remained at 15477.
Installation/Update Information
To download WordPress 3.0.2, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.
For step-by-step instructions on installing and updating WordPress:
If you are new to WordPress, we recommend that you begin with the following:
- New To WordPress – Where to Start
- First Steps With WordPress or Upgrading WordPress Extended
- WordPress Lessons
Summary
- Fix moderate security issue where a malicious Author-level user could gain further access to the site. (r16625)
Other bugs and security hardening:
- Remove pingback/trackback blogroll whitelisting feature as it can easily be abused. (#13887)
- Fix canonical redirection for permalinks containing %category% with nested categories and paging. (#13471)
- Fix occasional irrelevant error messages on plugin activation. (#15062)
- Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin. (r16367, r16373)
- Clarify the license in the readme. (r15534)
- Multisite: Fix the delete_user meta capability. (r15562)
- Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins. (#15122)
- Multisite: Fix ms-files.php content type headers when requesting a URL with a query string. (#14450)
- Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs. (#14536)
List of Files Revised
wp-includes/ms-files.php
wp-includes/version.php
wp-includes/comment.php
wp-includes/functions.php
wp-includes/load.php
wp-includes/canonical.php
wp-includes/capabilities.php
readme.html
wp-admin/includes/plugin.php
wp-admin/includes/file.php
wp-admin/includes/update-core.php
wp-admin/plugins.php