FYI...Wordpress 2.1.1 source backdoored
Last Updated: 2007-03-04 15:37:15 UTC ~ "The Wordpress development team has a notification up on their blog that version 2.1.1 of Wordpress has been compromised
, and code was added which allows remote code execution. This happened during a user-level compromise of one of their servers. While not all 2.1.1 downloads have been affected, they advise that everyone running this version should upgrade to version 2.1.2 immediately. This version is fully verified and is not backdoored..."
"...It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution. This is the kind of thing you pray never happens, but it did and now we’re dealing with it as best we can. Although not all downloads of 2.1.1 were affected, we’re declaring the entire version dangerous and have released a new version 2.1.2* that includes minor updates and entirely verified files... We reset passwords for a number of users with SVN and other access, so you may need to reset your password
** on the forums before you can login again."
"...latest stable release of WordPress (Version 2.1.2)..."