Category Archives: Security Update


phpBB 3.1.2 Released

phpBB 3.1.2 was released today. The new version includes bug fixes, improvements in the upgrade process from 3.0 to 3.1, and fixes for two security vulnerabilities. One security vulnerability could lead to a denial of service for the website and the other could allow an extension “to load additional HTML in the extensions administration interface through the version check file”.

More information is available in the release announcement.

Posted in phpBB, Security Update

Magento 1.9.1.0 Released

Magento 1.9.1.0 was released today. The new version includes “swatches”, which make it easy to present different product options, support for Google Universal Analytics, and more. The new version enhances security with better password handling, use of the secure cookie flag, and fixes for several potential security issues.

The new version is the first version of Magento to support PHP 5.5 and MySQL 5.6.

More information is available in the release notes.

Posted in Magento, Security Update

WordPress 4.0.1 Released

WordPress 4.0.1 was released today. The new version fixes several security vulnerabilities, including “cross-site scripting issues that a contributor or author could use to compromise a site”, and includes additional security hardening. The new version also fixes a number of bugs.

For those still running WordPress 3.7, 3.8, and 3.9, new versions (3.7.5, 3.8.5, and 3.9.3, respectively) have been released that contain the same security fixes as 4.0.1, as well as a fix for a critical cross-site scripting (XSS) vulnerability that does not exist in 4.0.

More information is available in the release notice and Codex document.

Posted in Security Update, Uncategorized

Drupal 6.34 and 7.34 Released

Drupal 6.34 and 7.34 were released today. The new versions only include security fixes. Both versions include a fix for a session hijacking vulnerability and 7.34 also includes a fix for a denial of service vulnerability.

More information is available in the security advisory for the releases.

Posted in Drupal, Security Update

Moodle 2.5.9, 2.6.6, 2.7.3, and 2.8 Released; Support Ends For Moodle 2.5

Moodle 2.5.9, 2.6.6, 2.7.3, and 2.8 were released yesterday. Version 2.8 introduces “significant improvements to the gradebook, forums, analytics and usability in many areas to empower teachers and improve functionality for everyone across all devices”. Versions 2.6.6 and 2.7.3 include “small improvements”, bug fixes, and security fixes. Version 2.5.9 includes security fixes. Details of the security vulnerabilities fixed will be released later.

Update (November 17, 2014): Moodle has now released information on the security issues fixed in the releases. Among the vulnerabilities fixed are a serious cross-site scripting (XSS) vulnerability in all three versions and a serious cross-site request forgery (CSRF) vulnerability in the LTI module in all three versions.

Moodle 2.5.9 is the last release for the 2.5 branch and anyone running it should upgrade to a newer, supported version.

More information is available in the release notes for 2.5.9, 2.6.6, 2.7.3, and 2.8.

Posted in End of Support, Moodle, Security Update

phpBB 3.1.1 Released

phpBB 3.1.1 was released on Saturday. The new version fixes several issues introduced in 3.1, including a minor cross-site scripting (XSS) security vulnerability.

More information is available in the release announcement and the changelog.

Posted in phpBB, Security Update

TYPO3 4.5.37, 4.7.20, 6.1.12, and 6.2.6 Released

TYPO3 4.5.37, 4.7.20, 6.1.12, and 6.2.6 were released today. All the new versions except 4.5.37 include bug fixes. All the new versions include fixes for security vulnerabilities in the OpenID System Extension and Swiftmailer library.

More information is available in the release notes for 4.5.37, 4.7.20, 6.1.12, and 6.2.6.

Posted in Security Update, TYPO3

Piwik 2.8.1 Released

Piwik 2.8.1 was released yesterday. The new version includes a number of bug fixes and fixes a cross-site scripting (XSS) security vulnerability “occurring in older Internet Explorer browsers”.

More information is available in the changelog.

Posted in Piwik, Security Update

Drupal 7.32 Released

Drupal 7.32 was released today. The new version fixes a SQL injection vulnerability that could “lead to privilege escalation, arbitrary PHP execution, or other attacks” and that could “be exploited by anonymous users”.

More information is available in the release notes.

Posted in Drupal, Security Update

Piwik 2.8.0 Released

Piwik 2.8.0 was released yesterday. The new version includes a number of bug fixes and minor improvements, and fixes a cross-site scripting (XSS) security vulnerability.

As of this version, Piwik supports PHP 5.6.

More information is available in the changelog.

Posted in Piwik, Security Update