WordPress 2.1.1 dangerous, Upgrade to 2.1.2
And the greatest thing is, svn is showing the latest revision to be 4960 - which my WordPress install is reporting as corresponding to tag 2.1.1. So I presume their svn repository is out of date (!). Thanks, WordPress, for the latest “automattic” vulnerability.
UPDATE: Phew:
The attacker only altered the released files on the download server, not the Subversion repository.
In other words, I (and anyone else who installs via svn) am not affected. The svn repository is indeed now out of sync with the zip download, though it’s no longer so critical that it is fixed immediately.
Still totally, absolutely unacceptable and raises serious questions about the competence of the WordPress server administrators. They missed this one, what else might they have missed?
March 5th, 2007 at 7:44 am
I am similarly disappointed and have retired my one remaining WordPress install from service:
http://wincent.com/knowledge-base/Removing_a_WordPress_2.1.1_installation_and_replacing_it_with_a_static_mirror