A few days ago, Dr. Dave of Spam Karma fame alerted WordPress users to an unspecified security issue. The workaround: disable registration of new users. Today, the WordPress folks have released WordPress 2.0.4. The security fix means it’s time to upgrade ASAP.
Hmm, I wonder if it takes care of all the bugs handled by the WordPress 2.0.3 Tuneup. Edit: It looks like it squashes 3 out of 6.
[...] I can’t find any documentation stating the user registration vulnerability has been fixed, but Kelson is reporting it has been taken care of in WordPress 2.0.4. I believe this WordPress release was pushed out quickly due to some information revealed by Dr. Dave earlier in the week. [...]