WordPress 2.8.4: Security Release
An update for WordPress was released today after a minor security issue was discovered yesterday. A bug in the code allowed a blog user to reset the administrator’s password and cause a new password to be e-mailed to the admin. The attacker would not get access to the account, but the administrator would be inconvenienced by having to change their password.
The bug isn’t critical and its unlikely that most blogs would have problems with it, but its always a good idea to patch security holes as they are found.
I updated this blog through the automated update feature in WordPress. This is the best way to update software and more CMS’ should have similar functionality. Its always a good idea to backup your blog before performing an update. There is a possibility that a plugin or theme being used could fail in a new version of WordPress, so you should always have a way to go back to a previous version in case anything goes wrong.