Joomla 3.6.1 Released

Joomla 3.6.1 was released today. The new version includes bug fixes and fixes several “low level security issues”, including a cross-site scripting (XSS) vulnerability.

More information is available in the release announcement.

Posted in Joomla, Security Update | Leave a comment

Piwik 2.16.2 Released

Piwik 2.16.2 was released today. The new version includes some small new features, bug fixes, and fixes for several cross-site scripting (XSS) security issues.

More information is available in the changelog.

Posted in Piwik, Security Update | Leave a comment

Drupal 8.1.8 Released

Drupal 8.1.8 was released today. The new version includes “bug fixes, along with documentation and testing improvements”.

More information is available in the release notes.

Posted in Drupal | Leave a comment

OpenCart 2.3.0.2 Released

OpenCart 2.3.0.2 was released today. The new version fixes issues that were introduced in 2.3.0.0 and 2.3.0.1, which were released over the weekend and then pulled. No details of what was changed in 2.3.0.0 are included in its changelog.

Posted in OpenCart | Leave a comment

concrete5 5.7.5.9 Released

concrete5 5.7.5.9 was released yesterday. The new version includes small feature improvements and bug fixes. The new version also “fixes minor security vulnerability with pagination parameters”.

More information is available in the release notes.

Posted in concrete5, Security Update | Leave a comment

TYPO3 6.2.26, 7.6.10 and 8.2.1 Released

TYPO3 6.2.26, 7.6.10, and 8.2.1 were released today. The new versions contain bug fixes and “critical security fixes”, including fixes for cross-site scripting (XSS), SQL injection, and unsafe unserialize vulnerabilities.

More information is available in the release notes for 6.2.267.6.10, and 8.2.1.

Posted in Security Update, TYPO3 | Leave a comment

Drupal 8.1.7 Released

Drupal 8.1.7 was released today. The new version includes a fix for a vulnerability in the third-party library Guzzle included and used in Drupal 8.

More information is available in the release notes.

Posted in Drupal, Security Update | Leave a comment

Drupal 8.1.6 Released

Drupal 8.1.6 was released on Monday. The new version fixes an issue that occurred when upgrading to 8.1.4 or 8.1.5 “without first emptying the /core and /vendor folders” that could cause to “a fatal error due to code that should have been removed being executed”.

Drupal 8.1.5 was “identical to Drupal 8.1.4, except that Drupal 8.1.4 incorrectly reports it’s own version as 8.1.4-dev”.

More information is available in the release notes.

Posted in Drupal | Leave a comment

Joomla 3.6.0 Released

Joomla 3.6.0 was released today. The new version includes UX improvements, improvements to the update process, and per menu access controls.

More information is available in the release announcement.

Posted in Joomla | Leave a comment

Moodle 2.7.15, 2.9.7, 3.0.5, and 3.1.1 Released

Moodle 2.7.15, 2.9.7, 3.0.5, and 3.1.1 were released today. All of the new versions include security fixes. Details of the security vulnerabilities fixed will be released in a week. Versions 3.0.5 and 3.1.1 also include “small improvements” and bug fixes.

Update (July 19, 2016): Moodle has now released information on the security issue fixed in the releases. The vulnerabilities fixed include a vulnerability that allowed users to send emails to arbitrary email addresses through Moodle.

More information is available in the release notes for 2.7.152.9.73.0.5, and 3.1.1.

Posted in Moodle, Security Update | Leave a comment