A few days ago I talked about how WordPress keeps on releasing new security fixes nearly on a weekly basis and how this has created some work overload. Guess what, would you believe it? They've done it again. I really like WP but this is getting out of hand. Two hours ago they released a public statement warning users that version 2.1.1 has a dangerous security hole and an immediate upgrade is advisable. I best stop whining and get to work, I'm going to have yet another long night ahead of me.

by Justin, on March 6 2007 @ 10:16 am
WordPress is a big target now; if you know a little about Subversion, try the following:
http://codex.wordpress.org/Installing/Updating_WordPress_with_Subversion
by Justin, on March 6 2007 @ 10:21 am
Just reading a little more on this exploit and it looks like if you use the method I mentioned in the previous post you do not have to update; the Subversion repository was not affected, just the tarball/zip file download.
If you were using svn in the first place it's a non-problem anyway ;).
from http://wordpress.org/development/2007/03/upgrade-212/#more-199
>>What if we update from SVN?
>>Nothing in the Subversion repository was touched, so if you upgrade and maintain your blog via SVN there is no chance you downloaded the corrupted release file.