Thanks for the heads up Daniel. I don't think stable 2.0.x is vulnerable because there is no wp-admin/upload.php in that branch.
I think upstream are ready-ing 2.2.2. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]