Saturday 28 October 2006 by zem

Someone finally found an exploit in Textpattern – in a gamma release from 2 ½ years ago.

All 4.0.x release versions are secure against this exploit. The problem was discovered and fixed by Sencer shortly after the g1.19 release.

The author of the exploit made no attempt to contact us, so I won’t credit him with finding the vulnerability or provide a link.

Anyone running Textpattern g1.19 or earlier should upgrade immediately.

Though they are not vulnerable to this attack, we strongly recommend anyone running old versions of Textpattern should also upgrade as soon as possible.