Category Archives: Security Update


Moodle 2.6.7, 2.7.4, and 2.8.2 Released

Moodle 2.6.7, 2.7.4, and 2.8.2 were released today. The new versions include “small improvements”, bug fixes, and security fixes. Details of the security vulnerabilities fixed will be released later.

Update (January 20, 2015): Moodle has now released information on the security issues fixed in the releases. Among the vulnerabilities fixed are a serious cross-site scripting (XSS) vulnerability in all three versions and a serious regular expression denial of service (ReDoS) vulnerability in all three versions.

More information is available in the release notes for 2.6.7, 2.7.4, and 2.8.2.

 

Posted in Moodle, Security Update

PrestaShop 1.6.0.11 Released

PrestaShop 1.6.0.11 was released today. The new version improves the wishlist module and tax & rounding calculations. The new version also ensures that cookies are set to be secure when SSL is used on all pages.

More information is available in the changelog.

 

Posted in PrestaShop, Security Update

Zen Cart 1.5.4 Released

Zen Cart 1.5.4 was released last Wednesday. The new version includes a number of bug fixes and fixes for two cross-site request forgery (CSRF) security issues.

Version 1.5.4 has undergone PA-DSS certification and “the paperwork is awaiting a final review by the PCI SSC, before being listed on their site by the end of January”.

The new version increases the system requirements to MySQL 5.1 or greater.

More information is available in the release announcement.

 

Posted in Security Update, Zen Cart

MediaWiki 1.19.23, 1.22.15, 1.23.8, and 1.24.1 Released, Support Ends For MediaWiki 1.22.x

MediaWiki 1.19.23, 1.22.15, 1.23.8, and 1.24.1 were released yesterday. The new versions fix a number of bugs and include two security fixes.

More information is available in the release announcement.

 

Support for MediaWiki 1.22.x has now ended. Anyone still running 1.22.x should upgrade to a newer version. MediaWiki 1.19.x is a long-term support release and is scheduled to continue receiving updates until May of 2015.

Posted in End of Support, MediaWiki, Security Update

Revive Adserver 3.0.6 and 3.1.0 Released

Revive Adserver 3.0.6 and 3.1.0 were released today. Version 3.1.0 includes a number of new features (including allowing the use of zones without remnant campaigns), fixes numerous bugs, and fixes two security issues. Version 3.0.6 only includes the two security fixes also in 3.1.0, and is for those not ready to upgrade to 3.1.0 yet.

Version 3.1.0 increases the required PHP version to at least 5.3.0.

More information is available in the release notice.

 

Posted in Revive Adserver, Security Update

TYPO3 4.5.39, 6.2.9, and 7.0.2 Released

TYPO3 4.5.39, 6.2.9, and 7.0.2 were released today. All three versions include fixes for a link spoofing vulnerability and a cache poisoning vulnerability. Versions 4.5.39 and 6.2.9 also include a bug fix.

More information is available in the release notes for 4.5.39, 6.2.9, and 7.0.2.

 

Posted in Security Update, TYPO3

MediaWiki 1.19.22, 1.22.14, 1.23.7, and 1.24.0 Released

MediaWiki 1.19.22, 1.22.14, 1.23.7, and 1.24.0 were released last Thursday. 1.19.22, 1.22.14, and 1.23.7 include bug fixes and security fixes. 1.24.0 introduces a number of improvements, including making preferences easier to utilize and better password storage.

More information is available in the release announcement for 1.24.0 and 1.19.22, 1.22.14, and 1.23.7.

 

Posted in MediaWiki, Security Update

phpBB 3.1.2 Released

phpBB 3.1.2 was released today. The new version includes bug fixes, improvements in the upgrade process from 3.0 to 3.1, and fixes for two security vulnerabilities. One security vulnerability could lead to a denial of service for the website and the other could allow an extension “to load additional HTML in the extensions administration interface through the version check file”.

More information is available in the release announcement.

 

Posted in phpBB, Security Update

Magento 1.9.1.0 Released

Magento 1.9.1.0 was released today. The new version includes “swatches”, which make it easy to present different product options, support for Google Universal Analytics, and more. The new version enhances security with better password handling, by using the secure cookie flag, and by resolving several potential security issues.

The new version is the first version of Magento to support PHP 5.5 and MySQL 5.6.

More information is available in the release notes.

 

Posted in Magento, Security Update

WordPress 4.0.1 Released

WordPress 4.0.1 was released today. The new version fixes several security vulnerabilities, including “cross-site scripting issues that a contributor or author could use to compromise a site”, and includes additional security hardening. The new version also fixes a number of bugs.

For those still running WordPress 3.7, 3.8, and 3.9, new versions (3.7.5, 3.8.5, and 3.9.3, respectively) have been released that contain the same security fixes as 4.0.1, as well as a fix for a critical cross-site scripting (XSS) vulnerability that does not exist in 4.0.

More information is available in the release notice and Codex document.

 

Posted in Security Update, WordPress