Are Your Websites Up to Date?You can keep track of what versions of concrete5, Drupal, Joomla, Magento, MediaWiki, Moodle, PrestaShop, Revive Adserver, TYPO3, SPIP, WordPress, and Zen Cart are running on all of the websites you manage with our Up to Date? Chrome app.
Search This Blog
Security Updates Feed
We Perform Upgrades of:
WordPress VersionWe are running WordPress 4.2.3 and despite what many supposed "security experts" claim letting you know what version we are running does not make us less secure.
Want Us to Include Updates for Other Software?If you are interested in us providing updates on software we don't currently include updates for please send us a suggestion.
Category Archives: Security UpdateKeep Your Website Secure
Find out the important measures, including keeping software updated, that will keep your website secure here.
PrestaShop 184.108.40.206 and 220.127.116.11 were released yesterday. The new version fix a security issue related to password generation that existed in previous version of 1.4 an 1.5. They also include several bug fixes.
The security issues can also be resolved by installing the new Security Patch module, which also will fix the issue for those still running 1.6.0.x (1.6.1 is not impacted by the security issue).
WordPress 4.2.3 was released today. The new version fixes two security issues, a “cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site” and “issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft”. The new version also includes a number of bug fixes.
Piwik 2.14.0 was released today. The new version includes UI changes, bug fixes, and security fixes. The security issues fixed include cross-site scripting (XSS) vulnerabilities, cross-site request forgery (CSRF) vulnerabilities, and a “possible” remote code execution vulnerability.
More information is available in the changelog.
Magento 18.104.22.168 was released today. The new version includes bug fixes, new versions of included libraries, minor improvements, and security fixes.
Along side the new version a security patch for older versions, SUPEE-6285, that “provides protection against several types of security-related issues, including information leaks, request forgeries, and cross-site scripting” was also released.
More information is available in the release notes.
Moodle 2.7.9, 2.8.7, and 2.9.1 were released today. The new versions include “small improvements”, bug fixes, and security fixes. Details of the security vulnerabilities fixed will be released later. For those using a YouTube repository additional setup will be needed after upgrading to 2.8.7 or 2.9.1.
Update (July 13, 2015): Moodle has now released information on the security issue fixed in the releases. Among the vulnerabilities fixed is a possible cross-site scripting (XSS) vulnerability and an open redirect vulnerability.
TYPO3 6.2.14 and 7.3.1 were released today. The new versions include bug fixes and fixes for several “low severity” security issues.
Joomla 3.4.2 was released today. The new version introduces some new features, including “UploadShield code which can detect most malicious uploads by examining their filenames and file contents”. It also includes bug fixes and “fixes two low level security issues”.
More information is available in the release announcement.
Drupal 6.36 and 7.38 were release today. The new versions only include security fixes. Both versions fix a user impersonation vulnerability that could allow a malicious user to login as another user through the OpenID module in certain circumstances. Drupal 7.38 also includes fixes for two open redirect vulnerabilities and an information disclosure vulnerability.
More information is available in the security advisory for the releases.
phpBB 3.1.5 was released yesterday. The new version includes more events, which act “as entry points for extensions to modify phpBB’s behaviour”, bug fixes, and security improvements.