
WordPress 2.6.2 Released

The good people over at WordPress released WordPress 2.6.2 today. Unlike the previous 2.6.1 release, this one is mandatory: it fixes a loophole that affects blogs with open registration.

From the horse’s mouth:

If you allow open registration on your blog, you should definitely upgrade. With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.

So if you want your blog to stay unharmed, upgrade to 2.6.2 ASAP! Hey, if you don’t know how to upgrade, don’t sweat! Here’s an easy and harmless way to upgrade your WordPress installation.
