Wordpress 2.1.1 may contain nasty surprise

Breaking news on the internets right now as Matt over at WordPress is reporting some serious issues with packages of WordPress 2.1.1 downloaded over the past 3-4 days. According to a blog post, a malicious intruder gained access to the wordpress.org servers and modified the files being made available for download. How exactly this happened is still unknown.

The long-and-short of the situation is this: if you downloaded and installed the most recent version of WordPress from wordpress.org in the last few days, you weren't downloading the official release– you were downloading a modified version that likely includes some sort of back-door.

Although only a subset of in-the-wild copies of 2.1.1 contain the vulnerability, the development team has declared the entire release "dangerous," and highly suggest all users upgrade to 2.1.2.

Tags: 2.1.1, 2.1.2, opensource, vulnerability, wordpress