Movable Type 4.38, 5.07, and 5.13 Released

Movable Type 4.38, 5.07, and 5.13 were released yesterday. All three versions fix an “OS Command Injection” vulnerability, a cross-site request forgery (CSRF) vulnerability, and two cross-site scripting (XSS) vulnerabilities. Version 5.13 also includes improved password security measures.

More information is available in the release announcement.

Posted in Movable Type, Security Update

Piwik 1.7 Released

Piwik 1.7 was released yesterday. The new version includes new features and feature enhancements, bug fixes, and security fixes for cross-site scripting (XSS) and click-jacking issues.

More information is available in the release announcement.

Posted in Piwik, Security Update

Joomla 1.7.5 and 2.5.1 Released

Joomla 1.7.5 and 2.5.1 were released yesterday. Joomla 1.7.5 includes fixes for three low priority information disclosure vulnerabilities. Joomla 2.5.1 includes fixes for two low priority information disclosure vulnerabilities and numerous bug fixes.

More information is available in the release announcements for 1.7.5 and 2.5.1.

Posted in Joomla, Security Update

Drupal 6.23, 6.24, 7.11, and 7.12 Released

Drupal 6.23, 6.24, 7.11, and 7.12 were released on Wednesday. Drupal 6.23 and 7.11 include fixes for a cross-site request forgery (CSRF) vulnerability in the Aggregator module and a verification issue related to OpenID. Drupal 7.11 also includes a fix for an access bypass vulnerability in the File module. Drupal 6.24 and 7.12 include bug fixes in addition to the security vulnerability fixes included in 6.23 and 7.11.

More information is available in the security advisory and the release notes for 6.23, 6.24, 7.11, and 7.12.

Posted in Drupal, Security Update

Joomla 1.7.4 and 2.5 Released

Joomla 1.7.4 and 2.5 were released today. Joomla 1.7.4 includes fixes for two medium priority and two low priority security vulnerabilities. Joomla 2.5 is the version that would have been version 1.8 in the previous version numbering scheme. Joomla 2.5 includes the same security fixes as 1.7.4 and also includes new features such as improved search, automatic notification of software updates, support for Microsoft SQL Server, and more.

Support for Joomla 1.7.x will end on February 24, 2012.

More information is available in the release announcement for 1.7.4 and 2.5.

Posted in Joomla, Security Update

concrete5 5.5.1 Released

concrete5 5.5.1 was released yesterday. The new version includes bug fixes and user interface refinements.

More information is available in the release notes.

Posted in concrete5

TYPO3 4.4.13, 4.5.11, and 4.6.4 Released

TYPO3 4.4.13, 4.5.11, and 4.6.4 were released today. Versions 4.5.11 and 4.6.4 are maintenance releases that contain only bugfixes. Version 4.4.13 includes a security fix for an “XSS vulnerability in BE-User Admin module” and bugfixes.

More information is available in the release notes for 4.4.13, 4.5.11, and 4.6.4.

Posted in Security Update, TYPO3

MediaWiki 1.17.2 and 1.18.1 Released

MediaWiki 1.17.2 and 1.18.1 were released on Wednesday. The new versions include a fix for a security vulnerability that “would expose deleted text to unprivileged users through cache pollution” and bug fixes.

More information is available in the release announcement for 1.17.2 and 1.18.1.

Posted in MediaWiki, Security Update

Magento 1.6.2 Released

Magento 1.6.2 was released today. The new version includes a “refactored indexing process” and a number of bug fixes.

More information is available in the release notes.

Posted in Magento

Moodle 1.9.16, 2.0.7, 2.1.4, and 2.2.1 Released

Moodle 1.9.16, 2.0.7, 2.1.4, and 2.2.1 were released today. The new versions include bug fixes and security fixes. Details of the security vulnerabilities will be released “approximately one week after” the new versions have been released.

Update (January 17, 2012): Moodle has now released information on the security issues fixed in the releases. Moodle 1.9.16 includes fixes for seven security vulnerabilities, including one for a serious vulnerability. Moodle 2.0.7 and 2.1.4 include fixes for eleven security vulnerabilities, including two for serious vulnerabilities. Moodle 2.2.1 includes fixes for ten security vulnerabilities, including two for serious vulnerabilities.

More information is available in the release notes for 1.9.16, 2.0.7, 2.1.4, and 2.2.1.

Posted in Moodle, Security Update