Some stories from around the blogosphere about people's experiences (so far) with WordPress 2.5:

• 5 things we love about WordPress 2.5 - by Josh Lowensohn from Webware - "The new system cross checks your plug-ins with the database at Wordpress.org, and if there's an update it will  both let you know, as well as give you a one click option to update it to the latest version."
• My brain dump after upgrading to Wordpress 2.5 - by Colin Devroe from cdevroe.com - "As with all Wordpress upgrades, it is as easy as advertised. I was able to click Upgrade and in a matter of milliseconds my database was updated. Since I hadn’t upgraded since prior to 2.2 I had a few plugins that were now rendered obsolete, so I deactivated them, edited only a few template tags, and deleted a few template files - and I was done."
• Upgraded to Wordpress 2.5 - by Michael Kimsal from michaelkimsal.com - "There are some slick aspects to it, and it’s been cleaned up some. However, it’s still Wordpress, for better or for worse. I guess it’s mostly “for better” (I’m still using it!) but there are some things that still bug me which I was hoping were addressed. I’ll list those in a moment, but I will say the ‘multiple media’ file upload (done in Flash) is a nice feature."
• Wordpress 2.5: don’t be scared - by Cellobella from Redsultana - "But do your homework. Maybe you’d like to wait a little longer. Make sure all the bugs are discovered. Fair enough. You don’t have to upgrade. If you do want to - the instructions on Wordpress worked really well for me."
• Goodbye Movable Type, Hello WordPress - by Mike Davidson from Mike Industries - "I didn’t even plan to change platforms, but after more than a week of trying unsuccessfully to move from Movable Type 3.0 to Movable Type 4.0, this blog was in such a state of disarray under the covers that I began to wonder if switching to WordPress would be quicker altogether."

A "moderately critical" ECMAScript/JavaScript vulnerability in Drupal has been fixed in the latest release, version 6.1. All users of the 6.0 version of Drupal are encouraged to patch their current installations or install the complete version 6.1 files.

A potential cross-site scripting (XSS) vulnerability (SA-2008-018) existed in the handling of titles on content edit forms. A JavaScript function used to escape text wasn't working correctly, and is fixed in the latest version.

The legacy 5.x line of Drupal remains at version 5.7, and is not affected by this vulnerability.

Drupal 6.1 is available for download from the main Drupal website.

Drupal was updated to version 5.7 on January 29th. No new features are included in this version. Several bugs were fixed, two of which are medium-level security issues:

• The input configuration format page was fixed. This specifies the types of HTML tags that are allowed in nodes, including comments, and when set correctly can filter out potentially malicious HTML code from submitted material.
• A more accurate way to check for PHP's register_globals setting was added. Leaving register_globals turned on is a significant security risk when using Drupal, and is not recommended.

Users of earlier Drupal 5 series versions should upgrade to 5.7. The older Drupal 4.7.x branch is still being maintained as well; if you're using that, it isn't necessary to upgrade to 5.7. The current version of the 4.7 series is 4.7.11.

Drupal 6 release candidate 4 was released Friday for evaluation by users. Use of release candidates on production sites isn't recommended.

New Tech Heroes is powered by Drupal, our open source content management system of choice.