Category Archives: Security Update

WordPress 3.9.2 Released

WordPress 3.9.2 was released today. The new version fixes several security vulnerabilities, including a potential code execution vulnerability, and includes additional security hardening.

For those still running WordPress 3.7 or 3.8, new versions (3.7.4 and 3.8.4, respectively) containing the same fixes have been released.

More information is available in the release notice and Codex document.

Posted in Security Update, WordPress

Drupal 6.33 and 7.31 Released

Drupal 6.33 and 7.31 were released today. The new versions fix a denial of service (DoS) security vulnerability in Drupal’s XML-RPC endpoint.

More information is available in the release notes for 6.33 and 7.31.

Posted in Drupal, Security Update

MediaWiki 1.19.18, 1.22.9, and 1.23.2 Released

MediaWiki 1.19.18, 1.22.9, and 1.23.2 were released yesterday. The new versions include several security fixes. Versions 1.22.8 and 1.23.2 also include bug fixes.

More information is available in the release announcement for 1.19.18, 1.22.9, and 1.23.2.

Posted in MediaWiki, Security Update

Drupal 6.32 and 7.29 Released

Drupal 6.32 and 7.29 were released yesterday. The new versions fix several security vulnerabilities, including a denial of service vulnerability and cross-site scripting (XSS) vulnerabilities.

More information is available in the release notes for 6.32 and 7.29.

Posted in Drupal, Security Update

Moodle 2.4.11, 2.5.7, 2.6.4, and 2.7.1 Released; Support Ends For Moodle 2.4

Moodle 2.4.11, 2.5.6, 2.6.4, and 2.7.1 were released today. All of the releases include security fixes and all but 2.4.11 also include bug fixes. Details of the security vulnerabilities fixed will be released later.

Update (July 21, 2014): Moodle has now released information on the security issues fixed in the releases. Among the vulnerabilities fixed are one that could lead to remote code execution, several that could allow access to server-side files, and several cross-site scripting (XSS) vulnerabilities.

Moodle 2.4.11 is the last release for the 2.4 branch, and anyone running it should upgrade to a newer, supported version.

More information is available in the release notes for 2.4.11, 2.5.7, 2.6.4, and 2.7.1.

Posted in End of Support, Moodle, Security Update

Zen Cart 1.5.3 Released

Zen Cart 1.5.3 was released on Friday. The new version is designed to be compatible with PHP versions 5.4 and 5.5, and has also been verified to be compatible with the beta version of 5.6. The new version fixes several cross-site scripting (XSS) security vulnerabilities and changes password hashing to bcrypt (requires PHP 5.3.7 or newer). The new version also includes performance enhancements and bug fixes.

The new version increases the system requirements to PHP version 5.3.7 or greater (“may run on as low as PHP 5.2.10, but with lesser security protections available”) and MySQL 5.0 or greater.

This version is not PA-DSS certified, so those who need a PA-DSS certified version will need to remain on 1.5.0 until the next PA-DSS certified version based on 1.5.3 is released.

More information is available in the release announcement.

Posted in Security Update, Zen Cart

Piwik 2.4.0 Released

Piwik 2.4.0 was released today. The new version fixes a number of bugs, fixes a cross-site scripting (XSS) security vulnerability, and includes other minor security improvements.

More information is available in the changelog.

Posted in Piwik, Security Update

MediaWiki 1.19.17, 1.21.11, 1.22.8, and 1.23.1 Released

MediaWiki 1.19.17, 1.21.11, 1.22.7, and 1.23.1 were released yesterday. The new versions include bug fixes and a security fix that prevents SVG files from loading external resources.

More information is available in the release announcement for 1.19.17, 1.21.11, 1.22.8, and 1.23.1.

Posted in MediaWiki, Security Update

MediaWiki 1.19.16, 1.21.10, and 1.22.7 Released

MediaWiki 1.19.16, 1.21.10, and 1.22.7 were released yesterday. The new versions include a security fix that stops usernames from being parsed as wikitext. MediaWiki 1.21.10 and 1.22.7 also include bug fixes.

More information is available in the release announcement for 1.19.16, 1.21.10, and 1.22.7.

Posted in MediaWiki, Security Update

TYPO3 4.5.34, 4.7.19, 6.0.14, 6.1.9, and 6.2.3 Released

TYPO3 4.5.34, 4.7.19, 6.0.14, 6.1.9, and 6.2.3 were released today. The new versions include bug fixes and fix a number of security vulnerabilities, including several cross-site scripting (XSS) vulnerabilities.

More information is available in the release notes for 4.5.34, 4.7.19, 6.0.14, 6.1.9, and 6.2.3.

Posted in Security Update, TYPO3