Mark on WordPress

WordPress puts food on my table.

WordPress 2.1.2 is a mandatory upgrade

with 28 comments

Just a quick point of clarification. WordPress 2.1.2 is a mandatory security upgrade for all users of 2.1 or 2.1.1

It doesn’t matter if you installed 2.1.1 on the first day it came out, well before the cracker modified the file on wordpress.org. It doesn’t matter if you upgraded to 2.1.1 using SVN. WordPress 2.1.2 has a security fix that 2.1.1 doesn’t have. And it has several fixes that 2.1 doesn’t have. So please, upgrade to 2.1.2 now.

Written by Mark Jaquith

March 3, 2007 at 4:59 am

28 Responses

Subscribe to comments with RSS.

  1. [...] Related Links: – WordPress 2.1.1 dangerous, Upgrade – WordPress 2.1.2 is a mandatory upgrade [...]

  2. [...] sia utile anche questo post It doesn’t matter if you installed 2.1.1 on the first day it came out, well before the cracker [...]

  3. [...] http://markjaquith.wordpress.com/2007/03/03/wordpress-212-is-a-mandatory-upgrade/  digg_url=’http://www.blogsfera.org/?p=5′; digg_skin = ‘compact’; digg_bgcolor = ‘#FFFFFF’; digg_title = ‘WordPress+2.1.1+%22crackato%22%2C+passare+subito+a+2.1.2′; digg_bodytext = ”; digg_topic = ”; Powered by Gregarious (21) [...]

  4. [...] the off chance that you haven’t heard the news yet. You should upgrade your WordPress install straight away. Don’t hesitate, do it now. [...]

  5. [...] – 13:30 del 3 marzo Leggendo quest’altro post sulla rete, si capisce che la versione 2.1.2 non è consigliata solo a chi ha aggiornato alla 2.1.1 [...]

  6. [...] sito Mark on WordPress è altamente consigliato di effettuare in ogni caso l’upgrade, indipendentemente dal giorno [...]

  7. [...] Mark on WordPress: WordPress 2.1.2 is a mandatory upgrade [...]

  8. It would have been more usefull if you said why and what problems its fixes.

    Neuromancer

    March 3, 2007 at 11:27 am

  9. Mark – are you having more luck than I am on conveying the enormity of the situation? :-p

    Aaron Brazell

    March 3, 2007 at 12:26 pm

  10. [...] on the day of launch, maybe I could skip the upgrade. Then I read Mark’s post which says it is a mandatory security upgrade for all users of 2.1 or [...]

  11. It would have been more usefull if you said why and what problems its fixes.

    I linked to the changeset that closed the vulnerability. My main concern right now is making sure everyone upgrades.

    Mark Jaquith

    March 4, 2007 at 2:33 am

  12. [...] the off chance that you haven’t heard the news yet. You should upgrade your WordPress install straight away. Don’t hesitate, do it now. [...]

  13. I upgraded two blogs to 2.1.2, now http://whatever.com/feed/ says it can’t connect to the database!

    Charles Stricklin

    March 4, 2007 at 4:27 am

  14. Whew! Clearing the cache seemed to fix it. …sorry for panicking.

    Charles Stricklin

    March 4, 2007 at 4:42 am

  15. [...] e installato questa release da 4-5 giorni deve assolutamente passare alla versione 2.1.2! Ma Mark on WordPress consiglia caldamente a tutti di installare la 2.1.2, a prescindere da quando si sia installata la [...]

  16. Given the nature of this latest “attack”, would it be possible to be begin providing md5 checksums of all downloads? Or are those already available somewhere?

    (Of course, if the attacker was able to modify the download package, he very well might have been able to modify the public checksum as well.)

    Will Norris

    March 4, 2007 at 8:27 pm

  17. So no diff file this time? You’ve gotta be kidding me. This isn’t a matter of national security here.

    I’m not editing files twice this week. Yes, my upgrade habits are sloppy. That’s why I use diffs.

    Gol, id’

    Jesstech

    March 4, 2007 at 9:49 pm

  18. ….sure like not to hit that stupid ’submit’ button by accident. =/

    Jesstech

    March 4, 2007 at 9:50 pm

  19. [...] most of you must have already upgraded, if not, and you haven’t heard the news yet. You should upgrade your WordPress 2.1.1 install right away. Don’t delay [...]

  20. [...] you read that right.  That’s what they say at Mark on WordPress and The Blog Herald.  According to the Herald: As was reported last week, the latest upgrade of [...]

  21. I’m still having problems with the new WP version and PHP 5.2.1. I don’t get permalinks like “/%category%/%postname%/” to work. Some say it doesn’t happen on PHP 5.1. Does anyone know a workaround for this problem?

    Leonardo

    March 11, 2007 at 8:31 pm

  22. [...] of the latest version of WordPress and announcement that the latest version of WordPress is a mandatory full upgrade. Due to the nature of the new version, there are no upgrade only files available. Don’t wait. [...]

  23. [...] 2.1.2 Mandatory Upgrade: This is a reminder that the last WordPress release was a mandatory full upgrade due to a server breach. Download the latest version of WordPress [...]

  24. [...] WordPress 2.1.2 Mandatory Upgrade: This is a reminder of the latest version of WordPress is a mandatory full upgrade. [...]

  25. [...] WordPress 2.1.2 Mandatory Upgrade: This is a reminder of the latest version of WordPress is a mandatory full upgrade. [...]

  26. [...] WordPress 2.1.2 Mandatory Upgrade: This is a reminder of the latest version of WordPress is a mandatory full upgrade. [...]


Leave a Reply