Title: Release Archive – Security Last modified: August 19, 2016 --- # Release Archive – Security * [OneWebsite](https://wordpress.org/support/users/onewebsite/) * (@onewebsite) * [18 years ago](https://wordpress.org/support/topic/release-archive-security/) * Hey all, * On this page: * [http://wordpress.org/download/release-archive/](http://wordpress.org/download/release-archive/) * It says: * None of these are safe to use, except the latest in the 2.0 or 2.5 series, which are both actively maintained. * Does this mean no one should use anything other than 2.0.x or 2.5.x * What about 2.1.x, 2.2.x and 2.3.x * I was running 2.1, and think a security hole got me. I have heard people saying they like 2.3 better than 2.5 too. * I am writing a few plugins and what to know what to support. * Thanks Viewing 13 replies - 1 through 13 (of 13 total) * [whooami](https://wordpress.org/support/users/whooami/) * (@whooami) * [18 years ago](https://wordpress.org/support/topic/release-archive-security/#post-754427) * what is confusing? * > None of these are safe to use * Thats fairly straightforward isnt it? * > except the latest in the 2.0 or 2.5 series * _Does this mean no one should use anything other than 2.0.x or 2.5.x_ * No, what that means, is what is says. * > except the latest in the 2.0 or 2.5 series * That would be 2.0.11 and 2.5.1 (currently) * Thread Starter [OneWebsite](https://wordpress.org/support/users/onewebsite/) * (@onewebsite) * [18 years ago](https://wordpress.org/support/topic/release-archive-security/#post-754534) * What is confusing is that there is a line of product in between 2.0.11 and 2.5.1 and generally speaking most software lines do have massive gaps in stable production. One could assume that the latest in line of 2.1 would be better than 2.0 * And please spare me the righteous indignation. 3 more sentences in the description would clarify a very brief disclaimer that carries substantial weight. The semantics of safe is open to interpretation. Does that mean all hackers world wide will assemble to destroy your content if you dare install version 2.3. Will the server implode on installation? * Please don’t bother helping people if you do it with contempt. * Moderator [Samuel Wood (Otto)](https://wordpress.org/support/users/otto42/) * (@otto42) * WordPress.org Admin * [18 years ago](https://wordpress.org/support/topic/release-archive-security/#post-754537) * The 2.0 to 2.1 change was a big one in terms of how WordPress works. So the 2.0. x line is still maintained in terms of security updates. The 2.1 line has moved on to 2.5.x now. * Only 2.0.11 and 2.5.1 are the latest, stable, supported releases. * Thread Starter [OneWebsite](https://wordpress.org/support/users/onewebsite/) * (@onewebsite) * [18 years ago](https://wordpress.org/support/topic/release-archive-security/#post-754538) * Thanks Otto. * I am installing WordPress for clients and clearly I need to decide which version to install. Each have features and limitations. Some plugins that have been developed for 2.1 only work on 2.1 and so if I begin to use 2.5 I will need to retool those plugins. * Taking into consideration feature set, plugins available and security are 2.1 or 2.3 worthwhile or should the be permanently abandoned for 2.5. * More than one person has expressed their devotion to legacy versions. * I understand it is as much as anything preference, but that is what I am looking for, experienced opinions. * Thanks again. * [moshu](https://wordpress.org/support/users/moshu/) * (@moshu) * [18 years ago](https://wordpress.org/support/topic/release-archive-security/#post-754539) * You still don’t get it. At certain point – as Otto explained above – WP got “ split” in 2 branches: 2.0.x (the only safe one = 2.0.11) and 2.1.x <== this one evolved and today is 2.5.1. NOTHING else is safe in this branch, only the latest. 2.1.x, 2.2.x, 2.3.x = ALL unsafe. It is not personal preference. It is responsibility to keep your blog (and clients’ blog) safe. * Just for the record: for a few blogs I also use 2.0.11 (but not 2.04, for example, because only the 2.0.11 is safe). * So, you either use 2.0.11 or 2.5.1. And update next month is 2.5.2 comes out. That’s how it works. * Moderator [Samuel Wood (Otto)](https://wordpress.org/support/users/otto42/) * (@otto42) * WordPress.org Admin * [18 years ago](https://wordpress.org/support/topic/release-archive-security/#post-754540) * It really depends on the plugins in question. I would examine the plugins that have issues with 2.5 and look for alternative plugins first. Usually they can be found. * Thread Starter [OneWebsite](https://wordpress.org/support/users/onewebsite/) * (@onewebsite) * [18 years ago](https://wordpress.org/support/topic/release-archive-security/#post-754541) * Moshu, * I do get that very well thanks. * Can you define safe? * You see I have lots of software, and most of it is old. I don’t always upgrade to the latest version, as I am sure you do as well (unless you have deep pockets). * Are you suggesting that _every_ client I have installed wordpress 2.1 for _must_– absolutely must be upgraded? * I understand that WordPress is not a desktop application and is susceptible to threats that Photoshop isn’t and therefore there isn’t a critical need to upgrade to CS3 except for feature and to make Adobe richer. * [moshu](https://wordpress.org/support/users/moshu/) * (@moshu) * [18 years ago](https://wordpress.org/support/topic/release-archive-security/#post-754542) * > Are you suggesting that every client I have installed wordpress 2.1 for must– > absolutely must be upgraded? * Yes. Or left open for hackers. * Moderator [Samuel Wood (Otto)](https://wordpress.org/support/users/otto42/) * (@otto42) * WordPress.org Admin * [18 years ago](https://wordpress.org/support/topic/release-archive-security/#post-754543) * > _Are you suggesting that every client I have installed wordpress 2.1 for must– > absolutely must be upgraded?_ * Yes. Upgrading is not really optional because of security issues in older versions. Hackers write scripts to exploit those found holes in old versions and use them to hack and deface sites. * Versions of WordPress past 2.3.something actually check the latest version on wordpress.org servers and notify the admin user when an upgrade is available. * Thread Starter [OneWebsite](https://wordpress.org/support/users/onewebsite/) * (@onewebsite) * [18 years ago](https://wordpress.org/support/topic/release-archive-security/#post-754544) * Thank you, * I will upgrade my old versions. * Is there an svn repo for 2.5.1 to pull revisions from or must updates be done manually? * Moderator [Samuel Wood (Otto)](https://wordpress.org/support/users/otto42/) * (@otto42) * WordPress.org Admin * [18 years ago](https://wordpress.org/support/topic/release-archive-security/#post-754545) * Yes, there is an SVN repository. * See: [http://codex.wordpress.org/Installing/Updating_WordPress_with_Subversion](http://codex.wordpress.org/Installing/Updating_WordPress_with_Subversion) * The repo is here: [http://svn.automattic.com/wordpress](http://svn.automattic.com/wordpress) * Different versions are tagged: [http://svn.automattic.com/wordpress/tags/2.5.1/](http://svn.automattic.com/wordpress/tags/2.5.1/) * Thread Starter [OneWebsite](https://wordpress.org/support/users/onewebsite/) * (@onewebsite) * [18 years ago](https://wordpress.org/support/topic/release-archive-security/#post-754549) * Sweet, thanks. * I read the first link doc. * I understand that if and when the 2.5.1 is updated I will run the switch command to update the files – although I am not sure why it is different here than the bleeding version when you use svn up. * What happens when 2.5.1 goes to 2.5.2. I am assuming that the switch command would no longer be relevant? Or would I use the following, even if my current tag is 2.5.1: * $ svn sw [http://svn.automattic.com/wordpress/tags/2.5.2/](http://svn.automattic.com/wordpress/tags/2.5.2/) * Moderator [Samuel Wood (Otto)](https://wordpress.org/support/users/otto42/) * (@otto42) * WordPress.org Admin * [18 years ago](https://wordpress.org/support/topic/release-archive-security/#post-754561) * You would upgrade by switching to a new version number. * Those “tags” are snapshots. They never change ever again. Only trunk changes. At the time of a release, the trunk is copied to the new tag folder (more or less, some minor adjustments are made) and the release is done. * Bleeding (aka trunk) changes daily. Sometimes hourly. Viewing 13 replies - 1 through 13 (of 13 total) The topic ‘Release Archive – Security’ is closed to new replies. * In: [Installing WordPress](https://wordpress.org/support/forum/installation/) * 13 replies * 4 participants * Last reply from: [Samuel Wood (Otto)](https://wordpress.org/support/users/otto42/) * Last activity: [18 years ago](https://wordpress.org/support/topic/release-archive-security/#post-754561) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics