View Full Version : Security patch for WordPress


redsox9
03-13-2006, 06:21 AM
http://wordpress.org/development/2006/03/security-202/trackback/

For those of you that use WordPress and updated to version 2.0.1 earlier this year, there is a new patch that was posted just a few days ago. Thought that some of you might like to manually make that update. Here is the official press release:

An important security issue has been brought to the attention of the WordPress team and we have worked diligently to bring you a new stable release that addresses it. Our latest version 2.0.2 contains several bugfixes and security fixes.

The problems addressed are unannounced XSS issues privately discovered and reported to the WordPress team. Thanks to Mark Jaquith, Robert Deaton, and David House for assisting with this release.

Just a quick note: this is different than the snake-oil reports that went out on some security lists a few days ago. There were a couple, but they were either not actual security problems, too small to warrant a release, or just patently false. Remember: just because you read it on a mailing list doesn’t mean that it’s true. We’d be the first people to panic if there was an actual problem.

As always, when something serious crosses our desks we jump on it and get a well-tested release out as soon as possible.

-timothyjmullen-
03-15-2006, 03:31 PM
When will Fantastico have the updated version?

JimT2
03-15-2006, 03:52 PM
It was over a month after 2.0.1 was released before Fantastico had it. I remember reading somewhere that Fantastico is updated monthly. Not sure if that's true or not, but I don't wait for it anymore!

Who updates Fantastico? Does WP send the new release to them, or do "they" find it and update it?

ranchnachos
03-15-2006, 06:20 PM
It's not that difficult to update WP. Just whatever you do, don't delete your wp-content folder.

I've updated all my sites already.

T_S_Kimball
03-29-2006, 02:10 AM
Since I've made some slight mods to the sidebar (adding image links), I'll toss together a tar of the content subdir off to ${HOME} from time to time.

Saves a headache or three. ;)

--TSK