WordPress 2.1.2 Released

2.03.07
More
Internet or Software
Written by admin

Heads up WordPress users, moments ago WordPress 2.1.2 was released.

It’s highly recommended for anyone running 2.1.1, or if you know someone who is, they should upgrade to 2.1.2 as soon as possible.

It’s now available for download on the official WordPress download page.

To find out why this is a very important release, check out the WordPress Development blog.

Share and Enjoy:

Related Posts:

WordPress 2.2.2 and 2.0.11 Released | August 5, 2007
Bad Behavior 2.0.10 Released | January 27, 2007
WordPress 2.0.8 RC1 | February 1, 2007
Subscribe to Comments 2.1.1 Released | June 30, 2007
SRG Clean Archives | April 30, 2007

6 Comments

Doug Karr Says:

March 2, 2007 at 4:56 pm

Sean,

Any inside info on this? Is there any chance that they could have relayed personal data?

Thanks!
TechZ Says:

March 2, 2007 at 11:13 pm

Wow! Thanks a bunch Sean!
TechZOnline.net » Critical Update on WordPress, 2.1.2 Says:

March 2, 2007 at 11:19 pm

[...] to Sean for the info! Local Tags: cracker, Software, The Site, wordpress Related [...]
Sean Says:

March 4, 2007 at 4:24 pm

Doug,

The WordPress source code was recently compromised by a third party in order to enable remote command execution on the machines running affected versions.

If people had downloaded WP 2.1.1 after February 25, 2007, they had the effected version but since then with 2.1.2 it’s been corrected.

Also, since my post, I added the link (see above) to the official WP development blog which has more information.

At the time of my original post, nothing had been officially posted to the community. It was only reported to a few lists.
Doug Karr Says:

March 4, 2007 at 5:07 pm

Thanks, Sean. I read all of the posts regarding what occurred and immediately updated.

What is not being discussed which is of the most importance is HOW the hack could have been used.

It doesn’t help to update if the Remote Execution already passed my site configuration, login info, etc. to a third party. That requires me to do much more to protect myself.

If you can poke some more, it would be great. Thanks for staying on top of this!

Doug
Sean Says:

March 4, 2007 at 5:18 pm

Hey Doug, from what I know, only two files in the 2.1.1 distribution were effected to enable remote command execution.

The compromised files are:

wp-includes/feed.php and wp-includes/theme.php

I’m not sure if those two files would give up any configuration settings or passwords but it might be good to just update your passwords as an added security measure.

Leave a Reply

Recent Comments

Connecting Laptop to TV Without Getting a Headache

khaled farouk said:
I HAVE LAPTOP ACER EXTENSA 5220 WHEN I CONNECT WITH TV BY S VEDIO CABLES NOT CONNECT BUT CONNECTING ... (8 Comments)
49 Brain Teasers To Build Mind Muscle

Dave said:
After HUGE pressure from Obi Wan , I put the answers up ! :) (8 Comments)
20 Optical Illusions That Will Have You Stumped

Tristan said:
For the checkerboard one, i actually pulled the image onto my desktop and brought it up in paint, and what ... (28 Comments)
Apple Offers Web Video Tour Of The iPhone

WAHAB said:
i see from you website that you have a laptop companny so would you tell me about pric list, catalogue ... (3 Comments)
Sony VAIO NR21Z/S Laptop

ogba said:
iam interested to receive offers of laptop computers/ram/mother boad send me mored details of your offers thanks (1 Comment)

Copyright 2008 © Geek With Laptop. All Rights Reserved.