WordPress 2.2.1 is now available. 2.2.1 is a bug fix release for the 2.2 series. Since 2.2 was released a month ago, the WordPress community has been improving fit-and-finish by identifying and fixing those little bugs that can be so annoying and by fine-tuning some small details. The result is a nicely polished 2.2.1 release. The full list of bugs fixed in 2.2.1 is available here. Here are some highlights.
- Atom feed validation fixes (#4274, #4307, #4381, #4382)
- XML-RPC fixes (#4314, #4329, #4315, #4469)
- Widget backward compatibility fixes (#4275)
- Widget layout fixes for IE7 (#4264, #4268)
- Page and Text Widget improvements (#4302, #4259)
Unfortunately, 2.2.1 is not just a bug fix release. Some security issues came to light during 2.2.1 development, making 2.2.1 a required upgrade. 2.2.1 addresses the following vulnerabilities:
- Remote shell injection in PHPMailer
- Remote SQL injection in XML-RPC Discovered by Alexander Concha.
- Unescaped attribute in default theme
Special thanks to Alexander Concha for his continued assistance in making WordPress more secure. Special thanks also to Daniel Jalkut of Red Sweater Software for his improvements to our XML-RPC implementation.