WordPress 2.1.2 - Essential upgrade

March 3, 2007 · CommentsWordPress+2.1.2+-+Essential+upgrade2007-03-03+09%3A31%3A44neville

in Software, Weblog Tools, Weblogs

If you use WordPress version 2.1.1, a dangerous security breach in that version has been discovered.

The announcement came late yesterday:

If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.

[...] No downloads were altered except 2.1.1, so if you’ve downloaded any version of 2.0 you should be fine.

When a software alert includes the word “dangerous,” you know you need to take immediate action. Download version 2.1.2 and follow the excellent upgrade guide.

Please spread the word to anyone you know using WordPress version 2.1.1.

Other relevant posts you may find interesting:

{ 5 comments… read them below or add one }

1 Paul Woodhouse 03.03.07 at 20:53: I just popped on to see how your upgrade went. Aren’t you glad you didn’t dither much longer?

At least they seem to be on top of the ‘Dangerous Wordpress’ thing. It smacks of shards of glass in your baby milk or flu-ridden Hungarian bootiful turkeys. It might even be an elaborate marketing ploy to get your average Joe to use the ’safer’ wordpress.com.

I wouldn’t mind but 2.1.1 had just solved most of my problems.

Anyway, the tightening across my chest has started to subside with all the Wordpress worry and I’ve even managed a move to a new host without anybody noticing a damn thing.

Things couldn’t be better, unless, of course, Wordpress kills me in my sleep.
2 ventureblogalist 03.04.07 at 13:20: Hi Neville,

Please contribute to this list if you can! I am guessing you might know a few folks!

http://www.ventureblogalist.com/?p=266

The easiest way to suggest some folks is to use this —-
http://communityexperts.wetpaint.com/

I hope you find the list helpful too!

Best Regards,
Rob Finn
3 neville 03.04.07 at 13:44: I haven’t yet upgraded this blog to the latest WordPress, Paul. I did upgrade last week to the security fix release 2.0.9 which is still the 2.0 branch of WordPress.

I have just upgraded my sandbox to 2.1.2, though. That was dead easy.

The theme’s the thing. Until I get clear in my mind what I’m going to do about that, I’ll not do the upgrade here. So basically, I’m still dithering…
4 Dee Rambeau 03.05.07 at 4:58: Neville,
not that a seasoned, mature CMS couldn’t be hacked…it could. But…one of my arguments against blog platforms for public corporations is exactly this. Too easy.
5 neville 03.05.07 at 6:42: It is a risk, Dee, I agree. Yet reading the accounts of what happened with this WordPress scare (a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file) leads me to think that something like this could happen with any application - whether it’s a blog, a database or a CMS - where access to files is based on the trust established with and from every user, reflected by the access grants.

Having said that, something like this is still a massive problem. WordPress’ reputation is at stake. Even if the problem relates only to the version 2.1.1. download files in a specific time window, I’d want to re-download the latest version 2.1.2 and reinstall the whole platform no matter when I’d originally installed 2.1.1. I’ve even seen a couple of posts saying that 2.1.2 contains some bug fixes.

All in all, this is not a good situation.

Leave a Comment

Previous post: The Telegraph’s continuing re-invention

Next post: Experiencing the eclipse

Search This Site

× close
About

Welcome to NevilleHobson.com - the place at the intersection of business, communication and technology. Sometimes, it's a collision.

Neville Hobson is a communicator, blogger and podcaster based in the UK.

» more
Latest Posts
Latest Comments
Podcast
Categories
Posts Archives
NevOn Archive

www.nevon.net - commentary and conversations from December 2002 until February 2006
Copyright
Stats