Urgent: All WordPress 2.1.1 Users Upgrade To 2.1.2 NOW!
An urgent notice has just been posted by WordPress encouraging all WordPress 2.1.1 users to upgrade to 2.1.2. After reading the post, I’d advise just doing it anyway:
It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.
This is the kind of thing you pray never happens, but it did and now we’re dealing with it as best we can. Although not all downloads of 2.1.1 were affected, we’re declaring the entire version dangerous and have released a new version 2.1.2 that includes minor updates and entirely verified files.
Very scary stuff and I’m betting this will be talked about a fair bit over the weekend.
Bookmark & Share
Related Posts
- WordPress 2.07 Released - 10 Days After 2.06, And 10 Days Before 2.1….
- WordPress Automatic Upgrade Plugin
- Time To Upgrade WordPress Again…..
- Another Month, Another WordPress Update….
- Virgin Media Introduce Speed Caps
- P2P Usage Has Had No Noticeable Effects On The Sale Of Music
- New Version Of Windows Vista Advisor Launched Today
Comment by Thilak on 3 March 2007:
Something like this shouldn’t keep happening, else it might just scare off users from upgrading.
Comment by Ajay on 3 March 2007:
Everton,
I’ve posted a small tutorial about upgrading WordPress via Shell.
Comment by Everton on 3 March 2007:
WP was always going to get attacked at some point (and I bet they are under attack all the time they just never tell us), so I don’t think it will scare people away as long as they continue to act responsibly like they have.
I do think they need to incorporate a better notification system than posting the news on a blog and getting bloggers to spread the word though.