WordPress 2.1.3 has been released and I have updated this site to WordPress 2.1.3.
These releases include fixes for several publicly known minor XSS issues, one major XML-RPC issue, and a proactive full sweep of the WordPress codebase to protect against future problems.
It is now slightly pass midnight and I am officially 23 years old =D
I am officially 23 years old this coming Saturday (24th March 2007). In case you are wondering, my age is exactly the same as Matt (the founder of WordPress). His birthday is in January and mine is in March.
Donations anyone? To help me get my birthday present? =D
WordPress 2.1.2 has been released and I have updated this site to WordPress 2.1.2.
It is an emergency release, so I urged all of you to upgrade it.
Here is what happen, copied + pasted:
This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.
It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.
Remember to overwrite EVERY files/folders except those in the ‘wp-content’ folder.
DO NOT POST support questions in the comments, please use http://forums.lesterchan.net instead.
BUT before you do that, please make sure you have read the plugins online readme and NOTE the tabs at the top. That is the exact same readme.html that is included in the zip file of each plugin.