Dougal Campbell's geek ramblings

WordPress, web development, and world domination.

Important: Upgrade to WordPress 2.1.2

In the interest of getting the word out as quickly and as widely as possible, a brief word about a new WordPress release: If you recently installed version 2.1.1, you should upgrade to WordPress 2.1.2 immediately. There was a security breach on the server which housed the download archives, and some files in the 2.1.1 download were modified to include a serious security hole. There are more details in the official WordPress Dev Blog announcement.

While technically this only affects those who downloaded the 2.1.1 .zip or .tar.gz archives from the site in about the last week, it certainly wouldn’t hurt to go ahead and upgrade, even if you downloaded earlier, or installed from SVN. Just because (there are a couple of unrelated bugfixes in there, after all).

About Dougal Campbell

Dougal is a web developer, and a "Developer Emeritus" for the WordPress platform. When he's not coding PHP, Perl, CSS, JavaScript, or whatnot, he spends time with his wife, three children, a dog, and a cat in their Atlanta area home.
This entry was posted in Security, Software, WordPress and tagged , , . Bookmark the permalink.

16 Responses to Important: Upgrade to WordPress 2.1.2

  1. This is obviously bad news, I seriously hope that it won’t dent anyone’s confidence in WordPress.

    I think it’s worth highlighting that the WordPress team have dealt with this in exemplary fashion so far, being completely open about the problem, as opposed to some software companies who would prefer to pretend there isn’t a problem and “sweep it under the rug”. Well done guys, you’ve taken a professional and responsible approach.

    I’ve already upgraded to 2.1.2 and it went smoothly – I’ve published the steps I followed in my blog entry at:

    I had a look at wp-includes/theme.php and feed.php from my 2.1.1 installation and didn’t see anything nefarious, but I may take a closer look. I’d be interested to see what exactly was put in there.

  2. OneEyed says:

    Thanks for the update. I am still in 2.0. Need to upgrade to the latest one.

  3. Pingback: Upgrading to Wordpress 2.1.2 | Simon Wakeman - Marketing, public relations and digital communications

  4. Cynth says:

    Dougal, you rock!

    Kudos for sacrificing sleep and family time to get this patched, even while your old home town was being destroyed by a twister.

  5. Pingback: no wow

  6. Pingback: Александр Мэкаль

  7. Pingback: 精神奕奕

  8. Pingback: :- BlogWize -: » ** Wordpress - Important

  9. Jonathan says:

    Yes, I’m with Cynth. You and the gang did a stand-up job pushing this fix.

  10. Pingback: Kentoo’s Fields » Upgrade Immediato.

  11. Pingback: La Bitácora del Tigre · Urgente: actualización de WordPress a la versión 2.1.2

  12. Pingback: La Bitácora del Tigre · 300

  13. Vigingsson says:

    Upgrade was painless. Is there something in the logs I could look out for to see if anyone *tries* to hack into the site (besides the usual crap)? I’d like to know when people try. If their attempt dumps a standard Apache error that is easy to spot but I’m wondering if there is something specific to this issue to keep a lookout for.

  14. Pingback:

  15. Adrian says:

    I really wish WordPress would sort out their email notification system. Surely someone has the ability to copy the emails in the site into a mailing list. Then we can hear on the day these issues arise. I do not mean the dev lists or the user lists. But a version release list that we do not need to look in our dashboards to find out. email is a more effective way of making sure users of wordpress are notified of new releases. And I am aware that the inbuilt mailout on the wordpress forum does not function or is not used.


  16. Pingback: WordPress 2.1.2 Emergency Upgrade Released at Andrew Wee | Blogging | Affiliate Marketing | Social Traffic Generation | Internet Marketing

Leave a Reply

%d bloggers like this: