Another security release – here’s what it fixes:
- Fix XSS bug: Properly encode title used in Quick/Bulk Edit, and offer additional sanitization to various fields. Affects users of the Author or Contributor role. (r17397, r17406, r17412)
- Fix XSS bug: Preserve tag escaping in the tags meta box. Affects users of the Author or Contributor role. (r17401)
- Fix potential information disclosure of posts through the media uploader. Affects users of the Author role. (r17393)
- Enhancement: Force HTML filtering on comment text in the admin (r17400)
- Enhancement: Harden check_admin_referer() when called without arguments, which plugins should avoid. (r17387)
- Update the license to GPLv2 (or later) and update copyright information for the KSES library.
Go forth, and update!