WordPress 2.3.2 has been released. It includes a number of changes, including one security fix. Here is a list of most of the changes in detail:
- Performance improvements for post sanitization when raw content is required (#5325).
- Changes to is_admin() to ensure that it is only true for admin pages, thereby protecting against exposing draft posts (#5487).
- Suppression of database errors unless WP_DEBUG is true (#5473).
- Check for valid database connection information during install and display an error if the install fails due to database rights (#5495).
- Support for a custom database down page to be displayed on database connection errors (#5500).
- Changes to make sure we are more selective in what we make clickable; this introduces different rules for different URI types ([6450]).
- Changes to wp-mail.php to escape the error messages when displaying them to avoid a possible XSS attack (#5484).
- Changes to ensure that the post password is only exposed by the xmlrpc method metaWeblog.getRecentPosts to users with rights to edit a post (#5535).
- Changes to the wp.getAuthors xmlrpc method to reduce the information exposed and add a capabilities check (#5534).
- Addition of extra capabilities checks to xmlrpc methods ([6504]).
- Addition of extra capabilities checks to APP server ([6508]).
- Changes to validate_file() to improve its traversal attempt detection when running on Windows ([6521]).
For a complete list of all the changes you can read this section of the branches/2.3 log.