Category Archives: Security Update

Keep Your Website Secure
Find out the important measures, including keeping software updated, that will keep your website secure here.

Drupal 8.1.7 Released

Drupal 8.1.7 was released today. The new version includes a fix for a vulnerability in the third-party library Guzzle included and used in Drupal 8.

More information is available in the release notes.

Posted in Drupal, Security Update | Leave a comment

Moodle 2.7.15, 2.9.7, 3.0.5, and 3.1.1 Released

Moodle 2.7.15, 2.9.7, 3.0.5, and 3.1.1 were released today. All of the new versions include security fixes. Details of the security vulnerabilities fixed will be released in a week. Versions 3.0.5 and 3.1.1 also include “small improvements” and bug fixes.

Update (July 19, 2016): Moodle has now released information on the security issue fixed in the releases. The vulnerabilities fixed include a vulnerability that allowed users to send emails to arbitrary email addresses through Moodle.

More information is available in the release notes for 2.7.152.9.73.0.5, and 3.1.1.

Posted in Moodle, Security Update | Leave a comment

Drupal 7.50 Released

Drupal 7.50 was released today. The leap from 7.44 to 7.50 is due to more significant changes between minor versions than usually occurs. Among the changes is support for full UTF-8 (emojis, Asian symbols, mathematical symbols) when using a MySQL database and improved support for PHP versions, including PHP 7. The new version also fixes numerous bugs. While the new version doesn’t include “security fixes” it does include security improvements, including a new permission for administering fields and clickjacking protection is now on by default.

More information is available in the blog post and release notes for the new version.

Posted in Drupal, Security Update | Leave a comment

Magento 2.1.0 Released

Magento 2.1.0 was released today. The new version includes numerous bug fixes and minor improvements. It also includes security enhancements and fixes vulnerabilities that could potentially “be exploited to access customer information or take over administrator sessions”.

More information is available in the release notes.

Posted in Magento, Security Update | Leave a comment

WordPress 4.5.3 Released

WordPress 4.5.3 was released today. The new version fixes a number of bugs and fixes a number security vulnerabilities, including a couple of cross-site scripting (XSS) vulnerabilities.

More information is available in the release notice and Codex document.

Posted in Security Update, WordPress | Leave a comment

Drupal 7.44 and 8.1.3 Released

Drupal 7.44 and 8.1.3 were released today. Both releases only include a security fix, 7.44 fixes an issue that could cause saving user accounts to “grant the user all roles” and 8.1.3 fixes an issue that could allow “unauthorized users to see Statistics information”.

More information is available in the release notes for 7.44 and 8.1.3.

Posted in Drupal, Security Update | Leave a comment

TYPO3 6.2.24, 6.2.25, 7.6.8, 7.6.9, 8.1.1, and 8.1.2 Released

TYPO3 6.2.24, 6.2.25, 7.6.8, 7.6.9, 8.1.1, and 8.1.2 were released today. Versions 6.2.24, 7.6.8, and 8.1.1 fix a critical vulnerability that could lead to “information disclosure or remote code execution”. Versions 6.2.25, 7.6.9, and 8.1.1 fix a regression introduced with the fix for that security vulnerability.

More information is available in the release notes for 6.2.24, 6.2.25, 7.6.8, 7.6.9, 8.1.1, and 8.1.2.

Posted in Security Update, TYPO3 | Leave a comment

MediaWiki 1.23.14, 1.25.6, and 1.26.3 Released

MediaWiki 1.23.14, 1.25.6, and 1.26.3 were released today. The new versions fix a number of security issues.

More information is available in the release announcement.

Posted in MediaWiki, Security Update | Leave a comment

Magento 2.0.6 Released

Magento 2.0.6 was released today. The new version includes a number of security fixes and the “ability to use Redis for session storage”.

More information is available in the release notes.

Posted in Magento, Security Update | Leave a comment

Moodle 2.7.14, 2.8.12, 2.9.6, and 3.0.4 Released; Support Ends For Moodle 2.8

Moodle 2.7.14, 2.8.12, 2.9.6, and 3.0.4 were released today. All of the new version include security fixes. Details of the security vulnerabilities fixed will be released in a week. Versions 2.9.6 and 3.0.4 also include “small improvements” and bug fixes.

Update (May 17, 2016): Moodle has now released information on the security issue fixed in the releases. The vulnerabilities fixed include a vulnerability that allowed editing profile fields that were supposed to be locked.

Moodle 2.8.12 is the last release for the 2.8 branch and anyone running it should upgrade to a newer, supported, version.

More information is available in the release notes for 2.7.142.8.122.9.6, and 3.0.4.

Posted in Moodle, Security Update | Leave a comment