On December 29, 2010, WordPress 3.0.4 was released to the public. This is a critical security update for all previous WordPress versions.
For version 3.0.4, the database version (db_version in wp_options) remained at 15477.
To download WordPress 3.0.4, update automatically from the Dashboard > Updates menu in your site's admin area or visit http://wordpress.org/download/release-archive/.
For step-by-step instructions on installing and updating WordPress:
If you are new to WordPress, we recommend that you begin with the following:
- New To WordPress - Where to Start
- First Steps With WordPress or Upgrading WordPress Extended
- WordPress Lessons
- Fix XSS vulnerabilities in the KSES library: Don't be case sensitive to attribute names. Handle padded entities when checking for bad protocols. Normalize entities before checking for bad protocols in esc_url(). (r17172)
List of Files Revised
wp-includes/version.php wp-includes/formatting.php wp-includes/kses.php readme.html wp-admin/includes/update-core.php