WordPress 2.1.1 may contain nasty surprise
Breaking news on the internets right now as Matt over at WordPress is reporting some serious issues with packages of WordPress 2.1.1 downloaded over the past 3-4 days. According to a blog post, a malicious intruder gained access to the wordpress.org servers and modified the files being made available for download. How exactly this happened is still unknown.
The long and short of the situation is this: if you downloaded and installed the most recent version of WordPress from wordpress.org in the last few days, you weren't downloading the official release; you were downloading a modified version that likely includes some sort of back-door.
Although only a subset of in-the-wild copies of 2.1.1 contain the vulnerability, the development team has declared the entire release "dangerous" and strongly suggests that all users upgrade to 2.1.2.
