Some of the holes in 2.1.3 were also in 2.0.10

Thanks for the update

Interesting post none the less about security upgrades

~ Jared Ritchey

Thanks for letting us know, do you know if there are any security holes in 2.0.10? or were the fixes specific to the 2.1 series ?

Some of the holes in 2.1.3 were also in 2.0.10 These fixes have been applied to /branches/2.0/ and we should be releasing 2.0.11 soon. If you can’t wait, you can use Subversion to check out in-progress version of 2.0.11 from that 2.0 branch. The only way it’ll be updated is if there is an issue with our current changes or if an additional security issue comes to light in the next few days.

I upgraded to 2.1.something when I had the issue.

The reason I upgraded WordLog and resumed posting is because someone used a hole in the old, un-upgraded version to upload copies of movies, including Hannibal Returns to my VPS.

Did you alarm about that before WP 2.2 was released?

I think the issue was something to do with the server. Well, since **I’m** the server guy, too, it’s not like I can complain. Apparently, there was a kernel upgrade on Apache? I updated that, rebooted the server and all looks right with the world. CentOS

But why on earth would only some installs of WP be affected? That’s so weird!

Figured I’d post this here. I’ll continue to test and may post again.

Apologies to vent here.

I’ll be updating the WP to the latest version, but I’m trying to figure out what is wrong before I do that.

Sounds like there might be a broken plug-in that’s called only on the front-page of the blogs, or maybe some broken main page template code that doesn’t affect the individual post pages.

I’m not sure if this is related to something wacky on the server or not. OTHER versions of WP, (2.2 and not recently updated 2.05) DO come up just fine.

I keep waiting for wordpress to have an automatic update feature… =)

Upgrading/moving sites – NOT fun.

“Shut up Beavis.”