WordPress.org

WordPress 1.2.1

Posted October 6, 2004 by Matt Mullenweg. Filed under Releases.

I am relieved to announce that WordPress 1.2.1 is now available for download. This release addresses a few bugs and minor security issues with 1.2. We’ve also backported the new login system from 1.3 that is much friendlier and should address many of the problems people have had with logging in and cookies.

Upgrading

Upgrading from 1.2 is very easy. Your existing templates and plugins should work just fine; all you need to do is overwrite the WordPress files and folders. To upgrade:

  1. Download 1.2.1
  2. Unzip
  3. Upload the new files to your site, taking care not to overwrite anything you may have modified like index.php

Security Issues

Those of you who follow security lists may have noticed there was an announcement about WordPress a few days ago. This announcement was not entirely accurate and several articles have been published subsequently that feed off the hype. We take security very seriously, and the last WordPress advisory was over a year ago despite the astronomical growth we’ve experienced. Unfortunately the author of the advisory did not contact us before he published the problem so we found out about this when everyone else did. Most responsible security professionals contact the vendor first and in that case we could have released the fix at the same time the problem was announced. Fortunately it was a fairly low-risk problem and we have had no reports of anyone being affected.

At the same time we were responsibly notified of a related but separate problem in the code related to HTTP response splitting (PDF link) by “Chaotic Evil.” Some have asked why it took a few days for 1.2.1 to be released, and this is why. We wanted to be sure we addressed both problems and fully tested everything because a premature release would do more harm than good.

I want to thank Chaotic Evil for professionally notifying us of the problem and letting us address it before he announced it. Also thank you to our fantastic beta testers who helped us with this very rapid release cycle, and finally to the WordPress community for being so supportive while we prepared these fixes.

See Also:

Want to follow the code? There’s a development P2 blog and you can track active development in the Trac timeline that often has 20–30 updates per day.

Want to find an event near you? Check out the WordCamp schedule and find your local Meetup group!

For more WordPress news, check out the WordPress Planet or subscribe to the WP Briefing podcast.

Categories

Subscribe to WordPress News

Join 1,931,237 other subscribers

Archives

%d bloggers like this: