Just a quick point of clarification. WordPress 2.1.2 is a mandatory security upgrade for all users of 2.1 or 2.1.1.
It doesn’t matter if you installed 2.1.1 on the first day it came out, well before the cracker modified the file on wordpress.org. It doesn’t matter if you upgraded to 2.1.1 using SVN. WordPress 2.1.2 has a security fix that 2.1.1 doesn’t have. And it has several fixes that 2.1 doesn’t have. So please, upgrade to 2.1.2 now.
It would have been more useful if you said why and what problems it fixes.
Mark – are you having more luck than I am on conveying the enormity of the situation? :-p
I linked to the changeset that closed the vulnerability. My main concern right now is making sure everyone upgrades.
I upgraded two blogs to 2.1.2, now http://whatever.com/feed/ says it can’t connect to the database!
Whew! Clearing the cache seemed to fix it. …sorry for panicking.
Given the nature of this latest “attack”, would it be possible to begin providing md5 checksums of all downloads? Or are those already available somewhere?
(Of course, if the attacker was able to modify the download package, he very well might have been able to modify the public checksum as well.)
So no diff file this time? You’ve gotta be kidding me. This isn’t a matter of national security here.
I’m not editing files twice this week. Yes, my upgrade habits are sloppy. That’s why I use diffs.
Gol, id’
….sure like not to hit that stupid ‘submit’ button by accident. =/
I’m still having problems with the new WP version and PHP 5.2.1. I don’t get permalinks like “/%category%/%postname%/” to work. Some say it doesn’t happen on PHP 5.1. Does anyone know a workaround for this problem?
This post is great. Thank you for sharing this helpful info. I appreciate your work, man.
hi,
I am very glad to thank you for sharing this post. I also appreciate your work here. Nice blog.