Are Your Websites Up to Date?You can keep track of what versions of concrete5, Drupal, Joomla, Magento, MediaWiki, Moodle, PrestaShop, Revive Adserver, TYPO3, SPIP, WordPress, and Zen Cart are running on all of the websites you manage with our Up to Date? Chrome app.
Search This Blog
Security Updates Feed
We Perform Upgrades of:
WordPress VersionWe are running WordPress 4.0 and despite what many supposed "security experts" claim letting you know what version we are running does not make us less secure.
Want Us to Include Updates for Other Software?If you are interested in us providing updates on software we don't currently include updates for please send us a suggestion.
Category Archives: Security UpdateKeep Your Website Secure
Find out the important measures, including keeping software updated, that will keep your website secure here.
Zen Cart 1.5.3 was released on Friday. The new version is designed to be compatible with PHP versions 5.4 and 5.5, it also verified to be compatible with the beta version of 5.6. The new version fixes several cross-site scripting (XSS) security vulnerabilities and changes password hashing to bcrypt (requires PHP 5.3.7 or newer). The new versions also includes performance enhancements and bug fixes.
The new version increases the system requirements to PHP version 5.3.7 or greater (“may run on as low as PHP 5.2.10, but with lesser security protections available”) and MySQL 5.0 or greater.
This version is not PA-DSS certified, so those who need a PA-DSS certified version will need to remain on 1.5.0 until the next PA-DSS certified version based on 1.5.3 is released.
More information is available in the release announcement.
Piwik 2.4.0 was released today. The new version fixes a number of bugs, fixes a cross-site scripting (XSS) security vulnerability, and includes other minor security improvements.
More information is available in the changelog.
MediaWiki 1.19.17, 1.21.11, 1.22.7, and 1.23.1 were released yesterday. The new versions include bug fixes and a security fix that prevent SVG files from loading external resources.
More information is available in the release announcement for 1.19.17, 1.21.11, 1.22.8, and 1.23.1.
MediaWiki 1.19.16, 1.21.10, and 1.22.7 were released yesterday. The new versions include a security fix that stops usernames from being parsed as wikitext. Mediawiki 1.21.10 and 1.22.7 also include bugfixes.
More information is available in the release announcement for 1.19.16, 1.21.10, and 1.22.7.
TYPO3 4.5.34, 4.7.19, 6.0.14, 6.1.9, and 6.2.3 were released today. The new versions include bug fixes and fix a number of security vulnerabilities (including several cross-site scripting (XSS) vulnerabilities).
Revive Adserver 3.0.5 was released today. The new version fixes several bugs and a cross-site request forgery (CSRF) security vulnerability.
More information is available in the release notice.
Moodle 2.4.10, 2.5.5, and 2.6.3 were released today. Moodle 2.5.5 and 2.6.3 include bug fixes and all three releases include security fixes. Details of the security vulnerabilities fixed will be released later.
Update (May 19, 2014): Moodle has now released information on the security issues fixed in the releases. Among the vulnerabilities fixed are a cross-site script (XSS) vulnerability in the URL downloader repository and cross-site request forgery (CSRF) vulnerability in the quick-grading feature of the Assignment module.
MediaWiki 1.21.9 and 1.22.6 were released yesterday. The new versions fix a cross-site scripting (XSS) security vulnerability and 1.21.9 fixes a bug that causes “pages to appear blank or with missing text” when using PCRE 8.34, which has already been fixed in the 1.19 and 1.22 series.
More information is available in the release announcement for 1.21.9 and 1.22.6.