OpenCart 1.5.6.3 Released

OpenCart 1.5.6.3 was released today. The new version fixes several bugs, improves logging, and checks “uploaded files for php content”, which reduces “the risk of image files containing php and running on insecure servers”.

More information is available in the changelog.

Posted in OpenCart, Security Update

WordPress 3.8.3 Released

WordPress 3.8.3 was released today. The new version fixes bugs introduced in 3.8.2 that broke the Quick Draft tool and that caused bulk editing posts to “set the posts’ author to the author of the first post.”

For those still running WordPress 3.7, version 3.7.3, which contains the same fixes, has also been released.

More information is available in the release notice and Codex document.

Posted in WordPress

OpenCart 1.5.6.2 Released

OpenCart 1.5.6.2 was released last Thursday. The new version fixes a number of issues with PayPal Express Checkout. It also sets cookies to HttpOnly, which can in some instances prevent cross-site scripting (XSS) exploits from compromising the contents of session cookies in supported web browsers.

More information is available in the changelog.

Posted in OpenCart, Security Update

PrestaShop 1.6.0.6 Released

PrestaShop 1.6.0.6 was released last Thursday. The new version includes numerous bug fixes.

More information is available in the changelog.

Posted in PrestaShop

Revive Adserver 3.0.4 Released

Revive Adserver 3.0.4 was released today. The new version fixes the statistics bug introduced in 3.0.3 and several other bugs.

More information is available in the release notice.

Posted in Revive Adserver

WordPress 3.8.2 Released

WordPress 3.8.2 was released today. The new version includes nine bug fixes and five security improvements. The security improvements include fixing “a weakness that could let an attacker force their way into your site by forging authentication cookies” and a “fix to prevent a user with the Contributor role from improperly publishing posts”.

For those still running WordPress 3.7, version 3.7.2, which contains the same security fixes as 3.8.2, has also been released and will go out through the automatic background updates feature.

More information is available in the release notice and Codex document.

Posted in Security Update, WordPress

concrete5 5.6.3.1 Released

concrete5 5.6.3.1 was released on Friday. The new version includes “better mobile support for dashboard”, improved performance for multilingual websites, and bug fixes. The new version also fixes two cross-site scripting (XSS) vulnerabilities and a “potential email buffer overflow bug”.

More information is available in the release notes.

Posted in concrete5, Security Update

MediaWiki 1.19.15 Released

MediaWiki 1.19.15 was released yesterday. The new version fixes a bug that causes “pages to appear blank or with missing text” when using PCRE 8.34. The 1.22 series had this bug fixed in 1.22.1, which was released in January. The 1.21 series has not been fixed yet.

 

Posted in MediaWiki

MediaWiki 1.19.14, 1.21.8, and 1.22.5 Released

MediaWiki 1.19.14, 1.21.8, and 1.22.5 were released yesterday. The new versions include a security enhancement – adding a CSRF token on Special:ChangePassword – and bug fixes.

More information is available in the release announcement for 1.19.14, 1.21.8, and 1.22.5.

Posted in MediaWiki, Security Update

TYPO3 6.2 Released

TYPO3 6.2 was released yesterday. The new version includes an improved File Abstraction Layer, new tools for making sure websites work well on mobile devices, and more. An updated installer and a compatibility layer for TYPO3 4.5 extensions should make the upgrade process fairly smooth, especially for the many websites currently running TYPO3 4.5. The new version also includes security enhancements that are especially helpful for protecting high-profile websites:

We enhanced security in this latest release: saltedpassword is now used by default for the Install Tool and all backend users. No more insecure hashes in the database! Also using it for frontend users is highly encouraged and possible since TYPO3 4.3. We’ve implemented CSRF protection throughout the whole TYPO3 Backend, even in Ajax calls. A new click-jacking protection minimizes the risk of users being lured into performing backend actions which they are not wanting to do. cookieHttpOnly is now enabled by default.

More information is available in the release notice and the release notes.

Posted in Security Update, TYPO3