For the first (and hopefully last) time ever, we’re glad to hear that WordPress has a major security vulnerability. Why? As a result of a security vulnerability that affects WordPress 2.0.6 and below on certain server configurations, the WordPress Developers Team has released a new version of WordPress that incorporates both a security patch for the detailed vulnerability, and a fix for the FeedBurner Bug that we reported for 2.0.6. You can download WordPress 2.0.7 or see the list of affected/changed files here on the WP Development Blog.
Originally, the WordPress team had refused to patch the WordPress 2.0.6 FeedBurner Bug on the premise that it was too soon to release another version of WordPress for a “minor” bug – which we disagreed with. However, you can now download WordPress 2.0.7 and hopefully this time there aren’t any surprise bugs that need immediate patching. We highly recommend everyone goes and downloads WordPress 2.0.7 immediately in order to avoid anyone compromising their blog/site via the security hole in WordPress 2.0.6.
Correction: WordPress is released and maintained independently of Automattic
“Automattic has released a new version of WordPress”
Automattic doesn’t release WordPress! It’s completely separate people, time, servers, organizations, etc. This release was entirely coordinated by the great work of Mark Jaquith, who is not an Automattic employee, and included patches from half a dozen people also not employees.
“Originally, the WordPress team had refused to patch the WordPress 2.0.6 FeedBurner Bug on the premise that it was too soon to release another version of WordPress.”
It was, but the security problem necessitated a prompter response and a very minor patch release seemed appropriate.
I’ve fixed the Automattic thing, it was a typo in 2 places, one of which I forgot to fix.
…You didn’t let me finish my sentence:
“Originally, the WordPress team had refused to patch the WordPress 2.0.6 FeedBurner Bug on the premise that it was too soon to release another version of WordPress for a minor bug.”
Naturally, as you said, a security vulnerability isn’t such a bug, and deserves as many releases as it takes to get it right.