Nothing like patching just a few days after patching. At this rate we might as well forget testing. :) But seriously, WordPress reports that they’re still working on some of the PHP vulnerabilities that recently seemed to be attracting attention, and so they’ve announced 2.0.7.
I like how they say “It is recommended that everyone running WordPress 2.0.6 or lower upgrade to this new version.” Wouldn’t that be everyone not running 2.0.7, or in short, everyone?
“We know it sucks to have a release only 10 days after our last one, but we think it’s important enough for your blog to be secure to do it, and hopefully only having to change a few files will make the upgrade easier than normal.”
It would definitely suck worse if they decided not to release in order to save face, or to save us the hassle, etc., as I’d prefer to be in charge of whether I want to fix a vulnerability or sit back and relax for a few more days, weeks, years while the Russians* attack.
Patch, patch, patch…
* Some folks I know said they managed to monitor and confirm the Russian connection. Unfortunately, I can’t say more, but I wanted to mention that I’m not arbitrarily choosing a country, just reporting the news/logs.