I am relieved to announce that WordPress 1.2.1 is now available for download. This release addresses a few bugs and minor security issues with 1.2. We’ve also backported the new login system from 1.3, which is much friendlier and should address many of the problems people have had with logging in and cookies.
Upgrading from 1.2 is very easy. Your existing templates and plugins should work just fine; all you need to do is overwrite the WordPress files and folders. To upgrade:
- Download 1.2.1
- Upload the new files to your site, taking care not to overwrite anything you may have modified like
Those of you who follow security lists may have noticed there was an announcement about WordPress a few days ago. This announcement was not entirely accurate, and several articles have been published subsequently that feed off the hype. We take security very seriously, and the last WordPress advisory was over a year ago despite the astronomical growth we’ve experienced. Unfortunately, the author of the advisory did not contact us before he published the problem, so we found out about this when everyone else did. Most responsible security professionals contact the vendor first, and in that case we could have released the fix at the same time the problem was announced. Fortunately, it was a fairly low-risk problem and we have had no reports of anyone being affected.
At the same time, we were responsibly notified of a related but separate problem in the code related to HTTP response splitting (PDF link) by “Chaotic Evil.” Some have asked why it took a few days for 1.2.1 to be released, and this is why. We wanted to be sure we addressed both problems and fully tested everything, because a premature release would do more harm than good.
I want to thank Chaotic Evil for professionally notifying us of the problem and letting us address it before he announced it. Also thank you to our fantastic beta testers who helped us with this very rapid release cycle, and finally to the WordPress community for being so supportive while we prepared these fixes.