Category Archives: Security Update
phpBB 3.1.2 was released today. The new version includes bug fixes, improvements in the upgrade process from 3.0 to 3.1, and fixes for two security vulnerabilities. One security vulnerability could lead to a denial of service for the website and the other could allow an extension “to load additional HTML in the extensions administration interface through the version check file”.
More information is available in the release announcement.
Magento 22.214.171.124 was released today. The new version includes “swatches” that make it easy to present different product options, support for Google Universal Analytics, and more. The new version enhances security with better password handling, by using the secure cookie flag, and by resolving several potential security issues.
The new version is the first version of Magento to support PHP 5.5 and MySQL 5.6.
More information is available in the release notes.
WordPress 4.0.1 was released today. The new version fixes several security vulnerabilities, including “cross-site scripting issues that a contributor or author could use to compromise a site”, and includes additional security hardening. The new version also fixes a number of bugs.
For those still running WordPress 3.7, 3.8, and 3.9, new versions, 3.7.5, 3.8.5, and 3.9.3 respectively, have been released that contain the same security fixes as 4.0.1 as well as a fix for a critical cross-site scripting (XSS) vulnerability that does not exist in 4.0.
Drupal 6.34 and 7.34 were released today. The new versions only include security fixes. Both versions include a fix for a session hijacking vulnerability and 7.34 also includes a fix for a denial of service vulnerability.
More information is available in the security advisory for the releases.
Moodle 2.5.9, 2.6.6, 2.7.3, and 2.8 were released yesterday. Version 2.8 introduces “significant improvements to the gradebook, forums, analytics and usability in many areas to empower teachers and improve functionality for everyone across all devices”. Versions 2.6.6 and 2.7.3 include “small improvements”, bug fixes, and security fixes. Version 2.5.9 includes security fixes. Details of the security vulnerabilities fixed will be released later.
Update (November 17, 2014): Moodle has now released information on the security issues fixed in the releases. Among the vulnerabilities fixed is a serious cross-site scripting (XSS) vulnerability in all three versions and a serious cross-site request forgery (CSRF) vulnerability in the LTI module in all three versions.
Moodle 2.5.9 is the last release for the 2.5 branch and anyone running it should upgrade to a newer, supported version.
phpBB 3.1.1 was released on Saturday. The new version fixes several issues introduced in 3.1, including a minor cross-site scripting (XSS) security vulnerability.
TYPO3 4.5.37, 4.7.20, 6.1.12, and 6.2.6 were released today. All the new versions except 4.5.37 include bug fixes. All the new versions include fixes for security vulnerabilities in the OpenID System Extension and Swiftmailer library.
Piwik 2.8.1 was released yesterday. The new version includes a number of bug fixes and fixes a cross-site scripting (XSS) security vulnerability “occurring in older Internet Explorer browsers”.
More information is available in the changelog.