For a recent WordPress version upgrade I recommended to wait two weeks before applying the patch to let potential bugs be worked out. That recommendation was based on a review of the fixes included in that WordPress update and my overall assessment that they represented a lower risk then potential issues that might go wrong with an upgrade.
For the WordPress 3.0.5 update I am taking a different approach and have already applied the patch successfully. I changed my approach on this update vs. 3.0.2 for the following reasons:
- My confidence level in the stability of WordPress updates has improved over time based on positive experiences that have been point and click with little trouble. In the IT operations world this would have someone banging on the nearest wooden object at this point, so rest assured I did make sure I had a backup before pushing the update button.
- A quick review of the WordPress 3.0.5 fix list convinced me this was primarily a security related upgrade vs. a functional upgrade. I view some of the vulnerabilities such as cross site scripting bugs (denoted as XSS) higher risk and wanted to be protected against those threats.
- I received two WordPress firewall scanning alerts on a test site I have set up and this is quite a rare occurrence. One of the attacks appeared to be injection related but the other one was a possible cross site scripting attempt. The timing of these events and the recent release of WordPress 3.0.5 Update was the tipping point for having me apply this update quicker then the last.
I will keep everyone updated if I detect any additional WordPress security anomalies on any of the sites I monitor.