[wp-hackers] [Fwd: [waraxe-2007-SA#050] - Sql Injection in WordPress 2.1.3]

Mark Jaquith mark.wordpress at txfx.net
Tue May 22 20:19:44 GMT 2007

On May 22, 2007, at 3:59 PM, Aaron Brazell wrote:

> Please make sure you have your facts straight. :)
> WordPress 2.0 is supported because it's in Debian and will continue  
> to be maintained until 2010.

Well, we'd still maintain it even if it got dropped from Debian.   
It's just nice to have a stable and secure version that won't be  
changing a couple times a year.

> WordPress 2.1 is no longer supported due to the accelerated  
> development timeline and the weight of supporting multiple such  
> releases when, conceivably, there could be three major releases in  
> a 12 month period. WordPress 2.2 is the heir of WordPress 2.1.
> WordPress 2.2 probably won't be supported once 2.3 comes out. It's  
> still in the air whether 2.3 will be maintained after 2.4 is released.

Right.  I figure we'll choose another "long-support-candidate" to  
replace 2.0.x sometime in 2008 or 2009, to give people who want a  
stable platform some time to migrate before 2.0.x is retired.

It might be nice for us to have an official policy about security  
updates though.  We didn't release 2.1.4 because 2.2 was a couple  
weeks away.  Maybe the policy should just be that we'll support the  
current version's branch until there is a newer one.

Mark Jaquith

Covered Web Services
