A couple months ago, Technorati announced that users of Wordpress needed to upgrade to the latest available version (now at Version 2.5). This week, Technorati announced that blogs remaining vulnerable to identified security exploits may no longer be indexed by their service.

Because of this ongoing problem, we're discontinuing processing crawls of blogs that exhibit common symptoms of being compromised. We strongly recommend upgrading your WordPress installation. Even if you haven't been afflicted by a compromise, by the time you are aware that you have been a number of negative consequences may have already occurred (for instance, flagged spam by Technorati, Google or Yahoo!) -- this has been reported by many WordPress users.

By not upgrading your software, the search engine services may block your site from being listed. I can't think of a greater incentive to update your content management software to the latest version than the threat of being delisted. This is a bold move by Technorati. I'm personally glad Technorati is taking a stand against sites hosting older versions of Wordpress with the known security holes. In my opinion, there really isn't a good reason you shouldn't be upgrading your Wordpress site to the latest version.

"I recently asked if you were ready for WordPress 2.5, but let’s go through the steps to prepare your blog for upgrading to the new version next week."

Complete Story found via Weblog Tools Collection

For those that are curious, I've started an image gallery of screenshots I've taken while playing with Drupal 6. Not much in the gallery yet, but I'll place more in their from my weekend visits with Drupal 6.

Simple Machines is proud to announce the release of SMF 1.1.2. Since the release of SMF 1.1 a number of bugs have been found by the community members here and this release should fix all major outstanding bugs in SMF. In addition a couple of security issues were pointed out to us which we have patched in this release. We have also fixed a number of issues with UTF-8 support - including emails being displayed incorrectly in some webmail clients.

In addition to fixes with this release we've also rewritten much of the visual verification (i.e. CAPTCHA) code to allow the admin to set the difficulty of these images as some people were having trouble reading the current images. We'd urge all users to upgrade to SMF 1.1.2 as soon as possible to take advantage of these fixes.

Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.

Longer explanation: This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.

The complete post providing detailed information is available at Wordpress.org.

CMS Made Simple 1.0.3 was released to fix a number of bugs and security issues. Some of the changes in 1.0.3 as reported in the ChangeLog since CMS Made Simple 1.0.2 was released include:

• Fixed several non-permenant XSS vulnerabilities- Fixed issue with breadcrumbs plugin displaying root node multiple times
• Fixed issue with multiple events being entered
• Removed global references to $db from the admin and include.php
• Added event for "Change Group Permissions"
• Fixed issue where 2 installs on the same domain shared login sessions
• Changed search schema layout
• Now allows for expiration dates on entries
• Added catpcha module support to the contact_form plugin (you still need to manually install the Captcha module for this to work)

Are you tired of all the Drupal and Wordpress posts we've been doing lately here at CMS Report? Not my fault...I only report the CMS news! The fact is that among the open source CMS that I post about...both Drupal and Wordpress have been churning out a lot since the New Year started. The release of Wordpress 2.0.7 is just a good example as any.

Recently a bug in certain versions of PHP came to our attention that could cause a security vulnerability in your blog. We’re able to work around it fairly easily, so we’ve decided to release 2.0.7 to fix the PHP security problem and the Feedburner issue that was in 2.0.6. It is recommended that everyone running WordPress 2.0.6 or lower upgrade to this new version.

Interestingly, if you are upgrading from Wordpress 2.0.6, you don't want to do a complete update. Instead, you can just copy over the following six files to get you at version 2.0.7:

The final version of SMF 1.1 is out. That's right, as far as 1.1 goes, no more release candidates for this forum software.

SMF is by far one of the easiest Web applications to install and upgrade that I have come across. In fact I upgraded my WebCMS Forum within 24 hours of the release and haven't looked backed. Though, I'm giving a week or two for some burn in time before I upgrade a client's site.

Instead of listing all the new features since 1.0, below are the major changes since SMF 1.1 RC3 was released. Release candidates in SMF are typically stable and introduce new features. In fact most open source projects would actually have given the RCs new version numbers.

Significant changes between SMF 1.1 RC3 and SMF 1.1 include:

• Option to require visual verification when sending a personal message
• Adjusted readability of visual verification system
• Added option to limit number of personal messages that can be sent per hour
• Fixed several javascript errors
• Fixed time offset bug
• Disallowed multiple failures with visual verification
• Made several UTF8 fixes
• Fixed various undefined index errors

You can read the SMF 1.1 announcement at Simple Machines by clicking here.