WordPress 3.0.2 Released

WordPress 3.0.2 is available, it fixes a few bugs and a SQL injection flaw.

  • Remove pingback/trackback blogroll whitelisting feature as it can easily be abused
  • Fix canonical redirection for permalinks containing %category% with nested categories and paging
  • Fix occasional irrelevant error messages on plugin activation
  • Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin
  • Clarify the license in the readme
  • Multisite: Fix the delete_user meta capability
  • Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins
  • Multisite: Fix ms-files.php content type headers when requesting a URL with a query string
  • Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU install