My big disillusionment with WordPress
This blog is "powered by WordPress", not so proudly anymore. It is hosted on a Debian machine and uses the (quite old) Debian package, simply because I don't want to keep track of updates and I let the folks at Debian do that job for me. Nevertheless, a few months ago I found links to spam websites in the blog. This happened because in June some vulnerabilities were found in the WP source code. OK, this can happen; what is the correct procedure to handle it? If you are the main developer, first you document all the possible consequences, then you produce patches to fix the bugs in all the versions you actively support. Instead, at WP, they decided that this page was descriptive enough for the problems they had (basically it says, "some security fixes have been made"), they released no immediate patches, and after a while they released a new version of the whole software. Debian policy does not allow a software version to be upgraded for security, but since no patch was available for the old ones, they were forced to upgrade. There was even a discussion on the Debian mailing list about the possibility of removing WP from the stable release for this reason.
In the meantime, blogs were being injected with spam links. After cleaning up everything (restoring backups, reinstalling, etc.), I'm really convinced I should switch to some other software, if I find the time to move everything.
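As an added example (not code from the original post or from WordPress): one check that would have caught the injected links described above is to scan the stored post HTML for anchors that are either hidden with inline CSS or point at domains the blog never links to on purpose. The allowlist, the sample posts and the hidden-block pattern below are all constructed for this example; in practice you would read the post bodies from the wp_posts table and the uploaded theme/plugin files instead.

```python
"""Scan post HTML for injected spam links: hidden anchors or links to
domains outside an allowlist. Example code, not part of the original post."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist of domains this blog legitimately links to (example only).
ALLOWED_DOMAINS = {"example.org", "debian.org", "wordpress.org"}

# HTML elements that never get a closing tag, so they must not go on the stack.
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link"}

# Constructed sample posts as (post_id, html). Post 2 carries an injected
# hidden <div> of the kind found after the compromise; 1 and 3 are clean.
SAMPLE_POSTS = [
    (1, '<p>See the <a href="https://www.debian.org/security/">Debian advisory</a>.</p>'),
    (2, '<p>Normal text.</p><div style="display:none">'
        '<a href="http://cheap-pills.example.com/buy">buy</a>'
        '<a href="http://casino.example.net/">casino</a></div>'),
    (3, '<p><a href="/about">About</a></p>'),
]


class LinkCollector(HTMLParser):
    """Collect every <a href> together with whether it sits inside an element
    hidden via inline CSS (display:none / visibility:hidden)."""

    def __init__(self):
        super().__init__()
        self.stack = []        # one bool per open element: was it hidden?
        self.hidden_depth = 0  # number of currently open hidden elements
        self.links = []        # (href, hidden) tuples

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        style = (a.get("style") or "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        if tag == "a" and a.get("href"):
            self.links.append((a["href"], hidden or self.hidden_depth > 0))
        if tag not in VOID_TAGS:
            self.stack.append(hidden)
            if hidden:
                self.hidden_depth += 1

    def handle_endtag(self, tag):
        if self.stack and self.stack.pop():
            self.hidden_depth -= 1


def is_allowed(host, allowed=ALLOWED_DOMAINS):
    """True if host is an allowlisted domain or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in allowed)


def find_suspicious_links(posts, allowed=ALLOWED_DOMAINS):
    """Return a list of findings: anchors that are hidden or point off-allowlist.
    Relative links (no hostname) stay on this site and are skipped."""
    findings = []
    for post_id, html in posts:
        parser = LinkCollector()
        parser.feed(html)
        for href, hidden in parser.links:
            host = urlparse(href).hostname
            if host is None:
                continue
            external = not is_allowed(host, allowed)
            if hidden or external:
                findings.append({"post": post_id, "href": href,
                                 "hidden": hidden, "external": external})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_links(SAMPLE_POSTS):
        flags = [k for k in ("hidden", "external") if f[k]]
        print(f"post {f['post']}: {f['href']} ({', '.join(flags)})")
```

A clean blog produces no findings; the constructed post 2 yields two, both hidden and both external. Running this periodically against the database (and diffing the result against the last run) gives a cheap early warning that is independent of whether a fix for the underlying WordPress bug has been packaged yet.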