Thread Starter
Anonymous
A quick google shows that LiveJournal and Blogger are also vulnerable.
I’m not dissing your point, merely placing it in some sort of context.
Yes, we know about it. We’re working on getting a 1.2.1 ready.
Obviously fixing 1.2 is priority number 1 now, but is the same vulnerable code present in the 1.3 alpha releases? And if so, will it be fixed in one of the upcoming nightlies?
It’ll be fixed in 1.2 and 1.3.
Thread Starter
Anonymous
That’s a relief. I just saw this linked on Blogging Pro and it kind of freaked me, because the only fix their link gives is switching tools or editing the code, and I don’t know enough about PHP to fix it myself.
Is there an ETA on the patched version?
Thread Starter
Anonymous
@podz: This is also different to the blogger and livejournal holes because those are sites based on a single host, but many different hosts are running WordPress. If my livejournal gets hijacked I can blame livejournal, but if my wordpress blog is targeted my host will likely blame me and shut me down. So yes, this is an issue and I’m glad the devs are taking it seriously.
Fair enough, and I agree π
I understand that this issue isn’t viewed as massive, but all the same it IS a vulnerability. What are the chances that we’ll see something from the developers in the way of a progress report or a patch for those of us not using the CVS version. Perhaps on the dev blog?
