Category Archives: Security Update

concrete5 5.6.1 Released

concrete5 5.6.1 was released yesterday. The new version includes “completely rewritten full page caching”, bug fixes, and security fixes. The security vulnerabilities fixed include several cross-site scripting (XSS) vulnerabilities and a vulnerability in the outdated version of the spellchecker plugin for TinyMCE.

We reported to the developers that the version of the spellchecker plugin for TinyMCE in use was known to be vulnerable. You can check our list of web libraries with known vulnerabilities to make sure other software does not contain known vulnerable libraries.

More information is available in the release notes.

Posted in concrete5, Security Update

Joomla 2.5.9 and 3.0.3 Released

Joomla 2.5.9 and 3.0.3 were released today. Joomla 2.5.9 fixes a number of bugs and one low priority information disclosure vulnerability. Joomla 3.0.3 introduces two language related features, fixes a number of bugs, and fixes three low priority information disclosure vulnerabilities.

More information is available in the release announcements for 2.5.9 and 3.0.3.

Posted in Joomla, Security Update

WordPress 3.5.1 Released

WordPress 3.5.1 was released yesterday. The new version includes 37 bug fixes. It also fixes several security vulnerabilities: a “server-side request forgery vulnerability and remote port scanning using pingbacks” and three cross-site scripting vulnerabilities.

More information is available in the release notice and Codex document.

Posted in Security Update, WordPress

Drupal 6.28 and 7.19 Released

Drupal 6.28 and 7.19 were released yesterday. The new versions fix several security vulnerabilities: a cross-site scripting (XSS) vulnerability in the outdated version of jQuery in use in Drupal 6 and 7, an access bypass vulnerability in the Book module printer friendly version in Drupal 6 and 7, and an access bypass vulnerability in the Image module in Drupal 7.

More information is available in the security advisory and the release notes for 6.28 and 7.19.

Posted in Drupal, Security Update

Piwik 1.10.1 Released

Piwik 1.10.1 was released Tuesday. The new version includes a Page Overlay Report, a Social Networks report, adding annotations to graphs, the ability to auto update geolocation data, and more. The new version also fixes several cross-site scripting (XSS) vulnerabilities.

More information is available in the release announcement.

Posted in Piwik, Security Update

Moodle 2.1.10, 2.2.7, 2.3.4, and 2.4.1 Released

Moodle 2.1.10, 2.2.7, 2.3.4, and 2.4.1 were released today. The new versions include “small improvements”, bug fixes, and security fixes. Details of the security vulnerabilities fixed will be released later.

Moodle 2.1.10 is the last release of the 2.1 branch. Anyone still running 2.1 should upgrade to a newer release.

Update (January 22, 2013): Moodle has now released information on the security issues fixed in the releases. Moodle 2.1.10 fixes two serious security vulnerabilities and two minor security vulnerabilities. Moodle 2.2.7 fixes two serious security vulnerabilities and six minor security vulnerabilities. Moodle 2.3.4 fixes three serious security vulnerabilities and six minor security vulnerabilities. Moodle 2.4.1 fixes three serious security vulnerabilities and seven minor security vulnerabilities.

More information is available in the release notes for 2.1.10, 2.2.7, 2.3.4, and 2.4.1.

Posted in Moodle, Security Update

Drupal 6.27 and 7.18 Released

Drupal 6.27 and 7.18 were released today. The new versions fix several security vulnerabilities: an access bypass vulnerability in Drupal 6's upload module, an access bypass vulnerability in Drupal 6's and 7's user module search, and an arbitrary PHP code execution vulnerability in Drupal 6's and 7's file upload module (that is mitigated by several factors).

More information is available in the security advisory and the release notes for 6.27 and 7.18.

Posted in Drupal, Security Update

MediaWiki 1.18.6, 1.19.3, and 1.20.1 Released

MediaWiki 1.18.6, 1.19.3, and 1.20.1 were released on Friday. The new versions include security fixes for a session fixation attack and an issue that could cause “recent changes and history pages to fail to display”. Version 1.20.1 also includes a fix for a security vulnerability that allows “HTML code to be injected into the “editfont” option”.

More information is available in the release announcement for 1.18.6, 1.19.3, and 1.20.1.

Posted in MediaWiki, Security Update

Moodle 2.1.9, 2.2.6, and 2.3.3 Released

Moodle 2.1.9, 2.2.6, and 2.3.3 were released yesterday. The new versions include “small improvements”, bug fixes, and security fixes. Details of the security vulnerabilities fixed will be released later.

Update (November 19, 2012): Moodle has now released information on the security issues fixed in the releases. Moodle 2.1.9 fixes three serious security vulnerabilities and two minor security vulnerabilities. Moodle 2.2.6 fixes three serious security vulnerabilities and three minor security vulnerabilities. Moodle 2.3.3 fixes three serious security vulnerabilities and four minor security vulnerabilities.

More information is available in the release notes for 2.1.9, 2.2.6, and 2.3.3.

Posted in Moodle, Security Update

TYPO3 4.5.21, 4.6.14, and 4.7.6 Released

TYPO3 4.5.21, 4.6.14, and 4.7.6 were released today. The new versions contain fixes for bugs and for multiple security vulnerabilities. The security vulnerabilities fixed include a medium severity SQL injection and cross-site scripting (XSS) vulnerability, two low severity cross-site scripting vulnerabilities, and a low severity information disclosure vulnerability.

More information is available in the release notes for 4.5.21, 4.6.14, and 4.7.6.

Posted in Security Update, TYPO3