WordPress Cross-Site Scripting Vulnerabilities

04 Oct

Read here. I must admit it’s a real shame these hackers don’t contact the developers a few days before making the announcement.
Thankfully we’ve never had that problem with Serendipity.

Secunia Advisory

Update: It appears the WordPress developers WERE contacted before the announcement; check out http://www.securityfocus.com/archive/1/376766
“There is not any solution yet. I contacted Matthew Mullenweg, one of the lead developers of wordpress, on Wednesday but I did not receive any answer until yet.”

 
2 Comments

  1. Ben Ramsey

    October 7, 2004 at 18:52

    Thanks, Tom, for the advisory. I just upgraded my blog to WordPress 1.3-alpha4 (from CVS). I hope that it contains the update included in the WordPress 1.2.1 release that the developers at WP seem to have quickly put out to repair the vulnerabilities.

     
  2. Matt

    October 11, 2004 at 22:09

    As I said in the dev blog post about it, I never received an email regarding any security issues when he claimed. I did get an email for a separate issue a little later but from a different person. Too bad, but it happens.