Security update to 4.0.1.

Changes:
- Three cross-site scripting issues that a contributor or author could use to
  compromise a site.
- A cross-site request forgery that could be used to trick a user into changing
  their password.
- An issue that could lead to a denial of service when passwords are checked.
- Additional protections for server-side request forgery attacks when WordPress
  makes HTTP requests.
- An extremely unlikely hash collision could allow a user’s account to be
  compromised, that also required that they haven’t logged in since 2008 (I
  wish I were kidding).
- WordPress now invalidates the links in a password reset email if the user
  remembers their password, logs in, and changes their email address.

More details on http://codex.wordpress.org/Version_4.0.1.

0 files changed, 0 insertions, 0 deletions