Category Archives: Security Update

MediaWiki 1.19.16, 1.21.10, and 1.22.7 Released

MediaWiki 1.19.16, 1.21.10, and 1.22.7 were released yesterday. The new versions include a security fix that stops usernames from being parsed as wikitext. MediaWiki 1.21.10 and 1.22.7 also include bug fixes.

More information is available in the release announcement for 1.19.16, 1.21.10, and 1.22.7.

Posted in MediaWiki, Security Update

TYPO3 4.5.34, 4.7.19, 6.0.14, 6.1.9, and 6.2.3 Released

TYPO3 4.5.34, 4.7.19, 6.0.14, 6.1.9, and 6.2.3 were released today. The new versions include bug fixes and fix a number of security vulnerabilities (including several cross-site scripting (XSS) vulnerabilities).

More information is available in the release notes for 4.5.34, 4.7.19, 6.0.14, 6.1.9, and 6.2.3.

Posted in Security Update, TYPO3

Revive Adserver 3.0.5 Released

Revive Adserver 3.0.5 was released today. The new version fixes several bugs and a cross-site request forgery (CSRF) security vulnerability.

More information is available in the release notice.

Posted in Revive Adserver, Security Update

Magento 1.9 Released

Magento 1.9 was released today. The new version includes a new default responsive theme, improved PayPal payment handling, and a number of security improvements.

More information is available in the release announcement and release notes.

Posted in Magento, Security Update

Moodle 2.4.10, 2.5.6, and 2.6.3 Released

Moodle 2.4.10, 2.5.6, and 2.6.3 were released today. Moodle 2.5.6 and 2.6.3 include bug fixes and all three releases include security fixes. Details of the security vulnerabilities fixed will be released later.

Update (May 19, 2014): Moodle has now released information on the security issues fixed in the releases. Among the vulnerabilities fixed are a cross-site scripting (XSS) vulnerability in the URL downloader repository and a cross-site request forgery (CSRF) vulnerability in the quick-grading feature of the Assignment module.

More information is available in the release notes for 2.4.10, 2.5.6, and 2.6.3.

Posted in Moodle, Security Update

MediaWiki 1.21.9 and 1.22.6 Released

MediaWiki 1.21.9 and 1.22.6 were released yesterday. The new versions fix a cross-site scripting (XSS) security vulnerability. In addition, 1.21.9 fixes a bug that causes “pages to appear blank or with missing text” when using PCRE 8.34; that bug has already been fixed in the 1.19 and 1.22 series.

More information is available in the release announcement for 1.21.9 and 1.22.6.

Posted in MediaWiki, Security Update

Piwik 2.2 Released

Piwik 2.2 was released today. The new version includes improvements in data visualization and a new Event Tracking feature. The new version also includes fixes for two cross-site scripting (XSS) vulnerabilities.

More information is available in the changelog.

Posted in Piwik, Security Update

TYPO3 4.5.33, 4.7.18, 6.0.13, 6.1.8, and 6.2.1 Released

TYPO3 4.5.33, 4.7.18, 6.0.13, 6.1.8, and 6.2.1 were released yesterday. The new versions include bug fixes and fix a cross-site scripting (XSS) vulnerability in the scheduler form.

More information is available in the release notes for 4.5.33, 4.7.18, 6.0.13, 6.1.8, and 6.2.1.

Posted in Security Update, TYPO3

Drupal 6.31 and 7.27 Released

Drupal 6.31 and 7.27 were released yesterday. The new versions fix an information disclosure vulnerability in forms. A default configuration does not expose any vulnerable forms, but “contributed modules or individual sites which leverage the Drupal Form API” could be vulnerable. For websites that “expose Ajax or multi-step forms to anonymous users” or “where the forms are displayed on pages that are cached (either by Drupal or by an external system)”, code changes may be required. Details on dealing with that are available in the release notes for 6.31 and 7.27.

Posted in Drupal, Security Update

OpenCart 1.5.6.3 Released

OpenCart 1.5.6.3 was released today. The new version fixes several bugs, improves logging, and checks “uploaded files for php content”, which reduces “the risk of image files containing php and running on insecure servers”.

More information is available in the changelog.

Posted in OpenCart, Security Update