Announcing not one, but two new WordPress releases: WordPress 2.0.9 (for the 2.0 branch), and WordPress 2.1.1 (for the 2.1 branch). Both versions include fixes for a minor XSS (cross-site scripting) attack vector, plus various other small bugfixes. Due to the possible security bug, all users are urged to upgrade to the newest appropriate version. See the announcement on the Development Blog for full details.
For those of you who may be confused about why there are two versions being updated in parallel, here’s a quick rundown: for WordPress to be available as an official package for Debian Linux, we made a commitment to maintain the 2.0 branch through 2010. Also, the 2.0 series still supports older versions of MySQL, while the continued development for WordPress 2.1 and beyond requires (currently) MySQL 4.0 or higher.
Also, the very observant among you might have noticed that there was no version 2.0.8 release. We went straight from 2.0.7 to 2.0.9. What happened? Well, we were just about to release 2.0.8, it was even tagged in svn and the package was available for download, but the official announcement was delayed while some new servers were being installed. Then the last XSS hole was brought to our attention, so we had to go ahead and bump the version number again for the new changes. Now you’re prepared to win the bonus round when you play WordPress Trivia. 😉
In related news, I’ve split the WordPress announcements on Freshmeat.net into two branches, to reflect the stable support for the 2.0 line and continued development for 2.1+. If you aren’t familiar with Freshmeat, it’s a service where software projects can announce their latest releases. If you sign up for an account, you can even get email notification of whichever projects you would like to subscribe to. If you would like to use Freshmeat to track WordPress releases, you can visit the project pages for WordPress 2.0 and WordPress 2.1.