WordPress 2.1.1 Critical Security Alert - Download Upgrade to 2.1.2 WordPress的2.1.1臨界安全警報-下載升級到2 .1.2

WordPress WordPress的 developer community has labeled and classified the entire version 2.1.1 of WordPress release dangerous with serious security threat and unsafe to use in production environment.開發者社區已標記和分類整個版本2.1.1發布WordPress的危險與嚴重的安全威脅和不安全的使用在生產環境。 WordPress users who are using WordPress v2.1.1, especially those who just downloaded it over the last 4 or 5 days, should immediately download the latest version 2.1.2 of WordPress and upgrade their installation by overwriting all old files fully. WordPress的用戶誰使用WordPress的v2.1.1 ，尤其是那些誰剛剛下載它在過去的4年或5天，應立即下載最新版本2.1.2的WordPress的升級安裝覆蓋所有的舊檔案完全。 Apparently, a hacker or cracker had managed to hack into a server hosting wordpress.org, and gained user-level access to modify the download file of WordPress to include security-comprised exploitable code.顯然，黑客或黑客已設法侵入一台服務器託管wordpress.org ，並獲得用戶級訪問修改下載文件的WordPress的，包括安全包括利用代碼。

According to據 WordPress blog WordPress的博客 : ：

It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file.這是確定一個裂解裝置獲得了用戶級訪問的一個服務器上，權力wordpress.org ，並利用這個機會來修改下載文件。 We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack.我們已鎖定該服務器為進一步取證，但在這個時候看來2.1.1下載是唯一的事情所感動攻擊。 They modified two files in WP (theme.php and feed.php) to include code that would allow for remote PHP execution.他們修改兩個文件中可濕性粉劑（ theme.php和feed.php ） ，包括代碼，將允許遠程PHP的執行。

If you have any questions on this security hole, you can email如果您有任何問題關於這個安全漏洞，你可以通過電子郵件 21securityfaq@wordpress.org . 。

Download and install the latest version of Wordpress (version 2.1.2) from下載並安裝最新版本的WordPress的（ 2.1.2版）由 Download page下載頁面 to patch the security hole.修補了安全漏洞。 Or download from或下載 direct download link for ZIP file直接下載鏈接為ZIP文件 . 。

Update:更新： WordPress 2.2 WordPress的2.2 released for download.發布供下載。

IMPORTANT : This is a machine translated page which is provided "as is" without warranty. 重要說明：這是一台機器翻譯網頁這是“原樣”提供，無保修。 Machine translation may be difficult to understand.機器翻譯可能很難理解。 Please refer to請參閱 original English article英文原文的文章 whenever possible.只要有可能。

Share and contribute or get technical support and help at共享和貢獻或獲得技術支持和幫助 My Digital Life Forums 我的數字生活論壇 . 。

Related Articles相關文章

• Automatically Update WordPress to Latest Version with Automatic Upgrade Plugin (WPAU) WordPress的自動更新到最新版本的自動升級插件（ WPAU ）
• Download Previous or Old Version of WordPress以前下載或舊版本的WordPress的
• Download WordPress 2.3 Release Candidate 1 (RC1) with Tags Support下載WordPress的2.3候選發布版1 （一號）與標籤支持
• Latest Version of WordPress 2.3.1 Released最新版本的WordPress的2.3.1發布
• WordPress 2.2 Released for Free Download WordPress的2.2發布免費下載
• How to Get Linux Server Sends Email Alert on Root Login如何獲得Linux服務器發送電子郵件警報root登錄
• Integrate WordPress including Comments with bbPress Forum using bbSync WordPress的整合，包括評論與bbPress論壇使用bbSync
• How to Change the Frequency or Interval WordPress Auto Saves An Editing Post or Page如何改變頻率或間隔WordPress的自動保存編輯後或網頁
• Technorati Incoming Links Plugin for WordPress Technorati的傳入聯繫WordPress的插件
• Disable WordPress 2.3 Core and Plugins Update Check and Notification禁用WordPress的2.3核心和插件更新檢查和通知

This entry was posted on Saturday, March 3rd, 2007 at 1:41 pm and is filed under 本條目被張貼在週六， 2007年3月三日在下午1點41分，並提交下 Internet Services 上網服務 . 。 You can follow any responses to this entry through the 您可以按照任何反應，這個項目通過 RSS 2.0 2.0 feed. You can 飼料。您可以 leave a response 留下一個反應 , or 或 trackback 引用 from your own site. 從您自己的網站。