If you downloaded WordPress 2.1.1 in the last few days as part of your WordPress upgrade, it's time to upgrade again to WordPress 2.1.2. A cracker gained user-level access to one of the servers that powers wordpress.org and modified the WordPress download files. Although not all downloads of 2.1.1 were affected, the WordPress team declared the entire version dangerous and has released a new version, 2.1.2, that includes minor updates too.
The official word from WordPress is that if you are still on WordPress 2.1.1, you should perform a full overwrite of the old files via FTP. They advise that web hosts can block access to theme.php and feed.php and to selected query strings.
My first reaction was that since the problem occurred over the last 3-4 days and I downloaded it on the day of launch, maybe I could skip the upgrade. Then I read Mark's post, which says it is a mandatory security upgrade for all users of 2.1 or 2.1.1, as it has several security fixes.