RELEASE – WordPress 2.8.6 with Security Fixes

WordPress has released WordPress 2.8.6 which is a security release. Last month they released WordPress 2.8.5 which was also a security release. Wordpress : Popular Blogging Platform

As per the release note from WordPress team,


2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch.  The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations.

If your WordPress users data is having some untrusted authors on your blog then you must upgrade your WordPress installation to the latest version. WordPress 2.9 is expected to release by end of this month or in early December 2009.

Download WordPress 2.8.6 or Upgrade Automatically thru Dashboard

We strongly recommend every wordpress user to upgrade their version to the latest one. WordPress is now a popular blogging platforms and very much secured. WordPress team is working really hard to cover-up any security fixes and that’s why you are seeing two updates in last two months. 

Sanjeev Mishra is a professional blogger and an Internet Marketing Consultant based in India. He has built the Internet Techies to provide you updates in technology and web application area.
  • Hi Sanjeev
    The news is travelling across the internet… 2.8.6 is out.
    I appreciate that this is all about security, but two releases in a month!

    Do you think that this will be the final revision fopr 2.8?

  • Hi Keith,
    Yes, 2.8.6 is out now and as this is a security update which really came as an emergency update as well. WordPress always keeps track of its updates thru tracker where nothing was scheduled as 2.8.6 but since some folks reported issues with multi author thing, then WordPress team started working on it on high priority and released this update in hurry. Hope not to get more updates in 2.8 series and to get 2.9 as the next release (condition – none of the high priority issues reported in between)

  • Hi Sanjeev,

    Thanks for the news. I have a problem. My WordPress dashboard isn’t indicating that there’s an update. What shall I do? Thanks in advance…

  • Hmmmmmmm, may there was little delay at

    The nag screen appeared in my dashboard few seconds later posting the above comment.

    May be it was something to do with my plugins. The dashboard started nagging me after deactivating all the plugins. I upgraded to the latest version and then reactivated my plugins.

  • Just upgraded to it before few hours as my blog is also a multi-author. 🙂

  • Hi Yohan,
    This is not related with plugins. Actually every installation of WordPress has its own update cycle of 12 hours. Your installation is having a bit late update cycle where the wordpress installations gets update notification from its SVN server. This update process repeats after 12 hours but the time is set to different for each installation. That’s why your dashboard notifies a bit late which is nothing but a response of late cycle time of your installation.

    Same is the case with update notification for plugins in wordpress. I really appreciate your efforts on virtualpreacher.

  • Hi Sahil, I was not aware that sahilkotak is a multi-author blog, this Update is exactly for the same kind of platform like your blog.

  • I have upgraded automatically and had absolutely no problems. I only saw the message this monring and a friend of mine saw it yesterday, thats a bit funny.

    I guess for sites that have multiple authors, this update is a BIG MUST.

  • Thanks for your concern Sanjeev. It’s a relief to know that nothing is wrong with my blog.