WordPress 2.1.2 is a mandatory upgrade

Just a quick point of clarification. WordPress 2.1.2 is a mandatory security upgrade for all users of 2.1 or 2.1.1.

It doesn’t matter if you installed 2.1.1 on the first day it came out, well before the cracker modified the file on wordpress.org. It doesn’t matter if you upgraded to 2.1.1 using SVN. WordPress 2.1.2 has a security fix that 2.1.1 doesn’t have. And it has several fixes that 2.1 doesn’t have. So please, upgrade to 2.1.2 now.

31 thoughts on “WordPress 2.1.2 is a mandatory upgrade”

  1. It would have been more useful if you said why and what problems it fixes.

    I linked to the changeset that closed the vulnerability. My main concern right now is making sure everyone upgrades.

  2. Given the nature of this latest “attack”, would it be possible to begin providing md5 checksums of all downloads? Or are those already available somewhere?

    (Of course, if the attacker was able to modify the download package, he very well might have been able to modify the public checksum as well.)

  3. Jesstech says:

    So no diff file this time? You’ve gotta be kidding me. This isn’t a matter of national security here.

    I’m not editing files twice this week. Yes, my upgrade habits are sloppy. That’s why I use diffs.

    Gol, id’

  4. Leonardo says:

    I’m still having problems with the new WP version and PHP 5.2.1. I don’t get permalinks like “/%category%/%postname%/” to work. Some say it doesn’t happen on PHP 5.1. Does anyone know a workaround for this problem?

Comments are closed.