Are Your Websites Up to Date?You can keep track of what versions of concrete5, Drupal, Joomla, Magento, MediaWiki, Moodle, PrestaShop, Revive Adserver, TYPO3, SPIP, WordPress, and Zen Cart are running on all of the websites you manage with our Up to Date? Chrome app.
Search This Blog
Security Updates Feed
We Perform Upgrades of:
WordPress VersionWe are running WordPress 4.0.1 and despite what many supposed "security experts" claim letting you know what version we are running does not make us less secure.
Want Us to Include Updates for Other Software?If you are interested in us providing updates on software we don't currently include updates for please send us a suggestion.
Category Archives: Security UpdateKeep Your Website Secure
Find out the important measures, including keeping software updated, that will keep your website secure here.
MediaWiki 1.19.19, 1.22.11, and 1.23.4 were released yesterday. The new versions include enhanced CSS filtering of SVG images for improved security. MediaWiki 220.127.116.11 also includes a couple of bug fixes.
More information is available in the release announcement for 1.19.19, 1.22.11, and 1.23.4.
Joomla 2.5.25, 3.2.5, and 3.3.4 were released today. All of the new versions fix a moderate severity login security issue and both 3.x releases fix a moderate severity cross-site scripting (XSS) vulnerability. Joomla 3.3.4 also includes a number of bug fixes.
concrete5 18.104.22.168 was released yesterday. The new version include minor improvements and bug fixes. The new version also fixes three security issues: a full path disclosure vulnerability, a cross-site scripting (XSS) vulnerability, and database sanitation improvements.
concrete5 5.7 was released last Friday and 22.214.171.124 was released yesterday. This new version is a major overhaul of the software and you can not upgrade, instead a migration is required. It will also require that themes and add-ons have new versions created. More details of the changes made are available in the release notes. The developers currently recommend using it only if you are starting on a new project, as 5.7.1 will be the first 5.7.x version ready for general use. Support for 5.6.x will continue with “for security and critical bugs for at least a year”.
Moodle 2.5.8, 2.6.5, and 2.7.2 were released today. All of the releases include security fixes and 2.6.5 and 2.7.2 also include bug fixes. Details of the security vulnerabilities fixed will be released later.
Update (September 15, 2014): Moodle has now released information on the security issues fixed in the releases. All three versions fix a minor vulnerability that exposes the name of the last person to post in a Q&A forum. Moodle 2.6.5 and 2.7.2 fix a vulnerability that “could potentially allow unauthorised access and privilege escalation” when using Central Authentication Service (CAS). This vulnerability was not fixed in 2.5.8 and CAS users “are encouraged to upgrade to a more recent release”.
WordPress 3.9.2 was released today. The new version fixes several security vulnerabilities, including a potential code execution vulnerability, and includes additional security hardening.
For those still running WordPress 3.7 or 3.8 new versions, 3.7.4 and 3.8.4 respectively, have been released that contain the same fixes.
Drupal 6.33 and 7.31 were released today. The new versions fixes a denial of service (DOS) security vulnerability in Drupal’s XML-RPC endpoint.
MediaWiki 1.19.18, 1.22.9, and 1.23.2 were released yesterday. The new versions include several security fixes. Version 1.22.8 and 1.23.2 also include bug fixes.
More information is available in the release announcement for 1.19.18, 1.22.9, and 1.23.2.
Moodle 2.4.11, 2.5.7, 2.6.4, and 2.7.1 were released today. All of the releases include security fixes and all but 2.4.11 also include bug fixes. Details of the security vulnerabilities fixed will be released later.
Update (July 21, 2014): Moodle has now released information on the security issues fixed in the releases. Among the vulnerabilities fixed is a vulnerability that could lead to remote code execution, several that could allow access to server-side files, and several cross-site script (XSS) vulnerabilities.
Moodle 2.4.11 is the last release for the 2.4 branch and anyone running it should upgrade to a newer, supported, version.
Zen Cart 1.5.3 was released on Friday. The new version is designed to be compatible with PHP versions 5.4 and 5.5, it also verified to be compatible with the beta version of 5.6. The new version fixes several cross-site scripting (XSS) security vulnerabilities and changes password hashing to bcrypt (requires PHP 5.3.7 or newer). The new versions also includes performance enhancements and bug fixes.
The new version increases the system requirements to PHP version 5.3.7 or greater (“may run on as low as PHP 5.2.10, but with lesser security protections available”) and MySQL 5.0 or greater.
This version is not PA-DSS certified, so those who need a PA-DSS certified version will need to remain on 1.5.0 until the next PA-DSS certified version based on 1.5.3 is released.
More information is available in the release announcement.