Re: [mention] Summary of Recent Textpattern Security Issues (Upgrade to 4.4.0 ASAP!)

There is always a concern when security issues come up over how and when to publicize them. It seems pretty obvious in retrospect that Neal alerted the developers, gave them a chance to work on the problems and get 4.4.0 out, let everyone put it through testing and let all the people who are naturally hesitant to upgrade get a chance to see that things have gone okay, and now Neal has actually released what he has found to give the naturally hesitant another incentive. This is exactly how this sort of thing should work when adults act responsibly.

The fact is, the vulnerabilities were always there and are still there on any pre-4.4.0 install. Hoping that only Neal and the developers know about them can only last so long. If you haven’t upgraded yet, you should. If you get hacked and haven’t upgraded, you probably won’t know if it is the information that was just revealed or an evildoer discovering it independently.

I haven’t installed a non-point-release version of Textpattern in years, but I fully intend to ASAP.

p.s. When things calm down a little, perhaps a blog post similar to this one

