Aaand we're back with another teeny tiny WordPress (news, site) release update. The team announced the availability of "Baker" 2.8.1 Candidate 1 earlier this month after a couple Beta versions, but a pesky bug managed to slip through the cracks.
The "XSS vulnerability" caused funky comment author URLs when displayed in the admin. The development team pointed out that this goof could be exploited to redirect users away from the admin to another site. Definitely no good.
WordPress 2.8.2 can be downloaded here, or you can go to the Upgrade page of your blog's admin for an automatic fix.
Other than a few hiccups, WordPress "Baker" is cookin' and version 2.9 of the popular platform is already well underway. What we know so far about the upcoming release is that a good chunk of the development team's focus is going to improving multi media features. A few hints on exactly what's coming have already been dropped, but a solid list of the anticipated 2.9 features will reportedly be posted some time this month, after the priority has been determined