Mark on WordPress

WordPress 2.1.2 is a mandatory upgrade

Posted in 2.1.2, security, upgrade, wordpress by Mark Jaquith on March 3rd, 2007

Just a quick point of clarification. WordPress 2.1.2 is a mandatory security upgrade for all users of 2.1 or 2.1.1

It doesn’t matter if you installed 2.1.1 on the first day it came out, well before the cracker modified the file on wordpress.org. It doesn’t matter if you upgraded to 2.1.1 using SVN. WordPress 2.1.2 has a security fix that 2.1.1 doesn’t have. And it has several fixes that 2.1 doesn’t have. So please, upgrade to 2.1.2 now.

28 Responses to 'WordPress 2.1.2 is a mandatory upgrade'

Subscribe to comments with RSS or TrackBack to 'WordPress 2.1.2 is a mandatory upgrade'.

  1. Rxbbx Blog Wordpress 2.1.2 said, on March 3rd, 2007 at 5:31 am

    [...] Related Links: - WordPress 2.1.1 dangerous, Upgrade - WordPress 2.1.2 is a mandatory upgrade [...]

  2. pseudotecnico:blog » Blog Archive » URGENTE: aggiornate a WordPress 2.1.2!! said, on March 3rd, 2007 at 6:09 am

    [...] sia utile anche questo post It doesn’t matter if you installed 2.1.1 on the first day it came out, well before the cracker [...]

  3. » WP 2.1.2 nuovo aggiornamento consigliato dato che la 2.1.1 è stata dichiarata pericolosa » WordPress Italy said, on March 3rd, 2007 at 6:56 am

    [...] http://markjaquith.wordpress.com/2007/03/03/wordpress-212-is-a-mandatory-upgrade/  [...]

  4. Wolly Weblog » WP 2.1.2 nuovo aggiornamento OBBLIGATORIO dato che la 2.1.1 è stata dichiarata pericolosa said, on March 3rd, 2007 at 7:04 am

    [...] http://markjaquith.wordpress.com/2007/03/03/wordpress-212-is-a-mandatory-upgrade/ [...]

  5. L’urlo del coniglio » Wordpress 2.1.1 “crackato”, passare subito a 2.1.2 said, on March 3rd, 2007 at 7:27 am

    [...] http://markjaquith.wordpress.com/2007/03/03/wordpress-212-is-a-mandatory-upgrade/  digg_url=’http://www.blogsfera.org/?p=5′; digg_skin = ‘compact’; digg_bgcolor = ‘#FFFFFF’; digg_title = ‘WordPress+2.1.1+%22crackato%22%2C+passare+subito+a+2.1.2′; digg_bodytext = ”; digg_topic = ”; Powered by Gregarious (21) [...]

  6. You didn’t hear? Upgrade now! at Holy Shmoly! said, on March 3rd, 2007 at 7:37 am

    [...] the off chance that you haven’t heard the news yet. You should upgrade your WordPress install straight away. Don’t hesitate, do it now. [...]

  7. Aggiornamento critico per Wordpress » StormedBrains said, on March 3rd, 2007 at 8:31 am

    [...] - 13:30 del 3 marzo Leggendo quest’altro post sulla rete, si capisce che la versione 2.1.2 non è consigliata solo a chi ha aggiornato alla 2.1.1 [...]

  8. gidibao’s Cafe » Blog Archive » Emergency update said, on March 3rd, 2007 at 8:39 am

    [...] sito Mark on WordPress è altamente consigliato di effettuare in ogni caso l’upgrade, indipendentemente dal giorno [...]

  9. WordPress 2.1.2 - Viktig sikkerhetsoppgradering | Norsk WP said, on March 3rd, 2007 at 8:53 am

    [...] Mark on WordPress: WordPress 2.1.2 is a mandatory upgrade [...]

  10. Neuromancer said, on March 3rd, 2007 at 11:27 am

    It would have been more usefull if you said why and what problems its fixes.

  11. Aaron Brazell said, on March 3rd, 2007 at 12:26 pm

    Mark - are you having more luck than I am on conveying the enormity of the situation? :-p

  12. » Cracker Modifies 2.1.1 Download Files on Wordpress Servers said, on March 3rd, 2007 at 10:07 pm

    [...] on the day of launch, maybe I could skip the upgrade. Then I read Mark’s post which says it is a mandatory security upgrade for all users of 2.1 or [...]

  13. Mark Jaquith said, on March 4th, 2007 at 2:33 am

    It would have been more usefull if you said why and what problems its fixes.

    I linked to the changeset that closed the vulnerability. My main concern right now is making sure everyone upgrades.

  14. ThemePress » Donncha: You didn’t hear? Upgrade now! said, on March 4th, 2007 at 3:01 am

    [...] the off chance that you haven’t heard the news yet. You should upgrade your WordPress install straight away. Don’t hesitate, do it now. [...]

  15. Charles Stricklin said, on March 4th, 2007 at 4:27 am

    I upgraded two blogs to 2.1.2, now http://whatever.com/feed/ says it can’t connect to the database!

  16. Charles Stricklin said, on March 4th, 2007 at 4:42 am

    Whew! Clearing the cache seemed to fix it. …sorry for panicking.

  17. Levysoft » Aggiornamento critico a Wordpress 2.1.2 said, on March 4th, 2007 at 6:48 am

    [...] e installato questa release da 4-5 giorni deve assolutamente passare alla versione 2.1.2! Ma Mark on WordPress consiglia caldamente a tutti di installare la 2.1.2, a prescindere da quando si sia installata la [...]

  18. Will Norris said, on March 4th, 2007 at 8:27 pm

    Given the nature of this latest “attack”, would it be possible to be begin providing md5 checksums of all downloads? Or are those already available somewhere?

    (Of course, if the attacker was able to modify the download package, he very well might have been able to modify the public checksum as well.)

  19. Jesstech said, on March 4th, 2007 at 9:49 pm

    So no diff file this time? You’ve gotta be kidding me. This isn’t a matter of national security here.

    I’m not editing files twice this week. Yes, my upgrade habits are sloppy. That’s why I use diffs.

    Gol, id’

  20. Jesstech said, on March 4th, 2007 at 9:50 pm

    ….sure like not to hit that stupid ’submit’ button by accident. =/

  21. WordPress 2.1.2 Important Upgrade! If You Didn’t » D’ Technology Weblog — Technology, Blogging, Gadgets, Fashion, Life Style. said, on March 5th, 2007 at 8:20 am

    [...] most of you must have already upgraded, if not, and you haven’t heard the news yet. You should upgrade your WordPress 2.1.1 install right away. Don’t delay [...]

  22. drivebyshooter.net » Blog Archive » WordPress 2.1.2 is a mandatory upgrade said, on March 8th, 2007 at 1:18 am

    [...] you read that right.  That’s what they say at Mark on WordPress and The Blog Herald.  According to the Herald: As was reported last week, the latest upgrade of [...]

  23. Leonardo said, on March 11th, 2007 at 8:31 pm

    I’m still having problems with the new WP version and PHP 5.2.1. I don’t get permalinks like “/%category%/%postname%/” to work. Some say it doesn’t happen on PHP 5.1. Does anyone know a workaround for this problem?

  24. WordPress Wednesday: Mandatory Update Reminder, WordCamp2007, Instant Upgrade Plugin, SxSW Conference, and More at The Blog Herald said, on March 14th, 2007 at 2:55 pm

    [...] of the latest version of WordPress and announcement that the latest version of WordPress is a mandatory full upgrade. Due to the nature of the new version, there are no upgrade only files available. Don’t wait. [...]

  25. WordPress Wednesday: New WordPress Plugin Directory, WordPress Theme Viewer Upgraded, Summer of Code, and More at The Blog Herald said, on March 21st, 2007 at 9:10 pm

    [...] 2.1.2 Mandatory Upgrade: This is a reminder that the last WordPress release was a mandatory full upgrade due to a server breach. Download the latest version of WordPress [...]

  26. WordPress Wednesday: Hot WordPress Plugins, Slideshows on WordPress.com, Translation Trouble, and More at The Blog Herald said, on March 28th, 2007 at 7:19 pm

    [...] WordPress 2.1.2 Mandatory Upgrade: This is a reminder of the latest version of WordPress is a mandatory full upgrade. [...]

  27. WordPress Wednesday: New Security Release, Updated WordPressMU, More WordPress Plugins, and Time to Get Naked at The Blog Herald said, on April 4th, 2007 at 6:56 pm

    [...] WordPress 2.1.2 Mandatory Upgrade: This is a reminder of the latest version of WordPress is a mandatory full upgrade. [...]

  28. WordPress Wednesday: New Security Release, Updated WordPressMU, More WordPress Plugins, and Time to Get Naked » TechAddress said, on April 9th, 2007 at 10:45 am

    [...] WordPress 2.1.2 Mandatory Upgrade: This is a reminder of the latest version of WordPress is a mandatory full upgrade. [...]

Leave a Reply