This new version fixes one security issue and 3 bugs.

The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.

2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests.

Joomla has a new release, Joomla 1.5.8 [Wohnaiki]. This release contains a number of bug fixes and two moderate-level security fixes. Just 2 months after the release of Joomla 1.5.7, another release is now available.