Category Archives: Security Update


Moodle 2.6.11, 2.7.8, 2.8.6, and 2.9 Released; Support Ends For Moodle 2.6

Moodle 2.6.11, 2.7.8, 2.8.6, and 2.9 were released today. Version 2.9 introduces new features pages, user interface improvements, and more. Versions 2.7.8 and 2.8.6 include “small improvements”, bug fixes, and security fixes. Version 2.6.11 includes security fixes. Details of the security vulnerabilities fixed will be released later.

Update (May 18, 2015): Moodle has now released information on the security issues fixed in the releases. Among the vulnerabilities fixed is a serious cross-site scripting (XSS) vulnerability that can impact external applications that connect to Moodle.

Moodle 2.6.11 is the last release for the 2.6 branch, and anyone running it should upgrade to a newer, supported version.

More information is available in the release notes for 2.6.11, 2.7.8, 2.8.6, and 2.9.

 

Posted in End of Support, Moodle, Security Update

concrete5 5.7.4 Released

concrete5 5.7.4 was released yesterday. The new version includes a number of new features, improved features, and bug fixes. The new version also fixes a cross-site request forgery (CSRF) vulnerability.

More information is available in the release notes.

 

Posted in concrete5, Security Update

WordPress 4.2.2 Released

WordPress 4.2.2 was released yesterday. The new version fixes a DOM-based cross-site scripting security vulnerability in the Twenty Fifteen theme, adds security improvements related to a vulnerability fixed in 4.2.1, and includes “hardening for a potential cross-site scripting vulnerability when using the visual editor”. The new version also includes bug fixes.

For those still running WordPress 3.7, 3.8, 3.9, 4.0, and 4.1, new versions, 3.7.8, 3.8.8, 3.9.6, 4.0.5, and 4.1.5 respectively, have been released that contain the same security fixes as 4.2.2.

More information is available in the release notice and Codex document.

 

Posted in Security Update, WordPress

phpBB 3.0.14 and 3.1.4 Released

phpBB 3.0.14 and 3.1.4 were released today. The new versions include several bug fixes and fix a “minor” security issue that could have “allowed users of the Google Chrome browser to be redirected to external domains (e.g. on login) when provided with a malicious URL from a third party”. Version 3.1.4 also adds more events, which “act as entry points for extensions to modify phpBB’s behaviour”.

More information is available in the release announcement.

 

Posted in phpBB, Security Update

Magento 1.9.1.1 Released

Magento 1.9.1.1 was released on Friday. The only indicated change in the new version is that it includes the SUPEE-5344 security patch. It doesn’t include the other patch released subsequent to 1.9.1.0, SUPEE-4829, which deals with “an issue in which product images become larger when a shopper selects a swatch on a search result page”.

Posted in Magento, Security Update

Piwik 2.13.0 Released

Piwik 2.13.0 was released today. The new version includes performance improvements, user interface improvements, and bug fixes. The new version also fixes a cross-site scripting (XSS) security vulnerability.

More information is available in the changelog.

 

Posted in Piwik, Security Update

WordPress 4.2.1 Released

WordPress 4.2.1 was released today. The new version fixes a cross-site scripting security vulnerability that “could enable commenters to compromise a site”.

For those still running WordPress 4.0 and 4.1, new versions, 4.0.4 and 4.1.4 respectively, have been released that contain the same security fixes as 4.2.1.

More information is available in the release notice and Codex document.

 

Posted in Security Update, WordPress

WordPress 4.1.2 Released

WordPress 4.1.2 was released today. The new version fixes several security vulnerabilities, including “a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site”.

For those still running WordPress 3.7, 3.8, 3.9, and 4.0, new versions, 3.7.6, 3.8.6, 3.9.4, and 4.0.2 respectively, have been released that contain the same security fixes as 4.1.2.

More information is available in the release notice and Codex document.

 

Posted in Security Update, WordPress

Regular Support Ends For TYPO3 4.5

The end of regular support for TYPO3 4.5 has been announced. Version 6.2 is now the only supported long term support (LTS) release.

There is a paid program that provides extended support for 4.5 for another year.

Posted in End of Support, Security Update

MediaWiki 1.19.24, 1.23.9, and 1.24.2 Released

MediaWiki 1.19.24, 1.23.9, and 1.24.2 were released yesterday. The new versions include fixes for 10 security issues, which include cross-site scripting (XSS) and denial of service (DoS) vulnerabilities. The new versions of 1.23 and 1.24 also include several bug fixes.

More information is available in the release announcement.

 

Posted in MediaWiki, Security Update