This is a public service announcement, or something like that. If you are running WordPress 2.1.1, you really need to upgrade to the newly released 2.1.2.
As the WordPress Blog article WordPress 2.1.1 dangerous, Upgrade to 2.1.2, explains, somebody gained unauthorised access to one of wordpress.org’s servers and added their own, rather nasty code to the download.
As far as they can reasonably tell, the only thing affected was the 2.1.1 download – 2.0.9 is presumably too boring for people to want to do horrible things to it.
I had wondered why the WordPress support forums were down yesterday. Now I know.
You have been warned. If you’re using 2.1.1, the advice is to get a fresh download and replace all the files.