Moodle 2.6.8, 2.7.5, and 2.8.3 Released

Moodle 2.6.8, 2.7.5, and 2.8.3 were released today.  The new versions include “small improvements”, bug fixes, and a fix for a “a very serious security vulnerability”. Details of the security vulnerabilities fixed will be released later.

Update (February 9, 2015): Moodle has now released information on the security issue fixed in the releases. The vulnerability fixed could have allowed viewing the content of “files located outside of moodle directory” due to incomplete filtering of directory traversal attempts.

More information is available in the release notes for 2.6.8, 2.7.5, and 2.8.3.

 

Posted in Moodle, Security Update | Leave a comment

phpBB 3.0.13-PL1 Released

phpBB 3.0.13-PL1 was released on Friday. The new version fixes several bugs that were introduced in 3.0.13 that could cause error message to be shown all pages.

phpBB 3.0.13 includes several security improvements and improves compatibility with “PHP 5.6, Apache 2.4, Internet Explorer 11, and Microsoft Azure”.

More information is available in the release announcement for 3.0.13 and 3.0.13-PL1.

 

Posted in phpBB, Security Update | Leave a comment

phpBB 3.1.3 Released

phpBB 3.1.3 was released yesterday. The new version includes bug fixes and minor feature improvements. The new version also fixes a security issue that would allow “administrator on a forum to use the ImageMagick binary path setting to execute code on the server”.

More information is available in the release announcement.

 

Posted in phpBB, Security Update | Leave a comment

concrete5 5.7.3.1 Released

concrete5 5.7.3.1 was released on Friday. The new version includes small feature improvements and bug fixes.

More information is available in the release notes.

 

Posted in concrete5 | Leave a comment

Moodle 2.6.7, 2.7.4, and 2.8.2 Released

Moodle 2.6.7, 2.7.4, and 2.8.2 were released today. The new versions include “small improvements”, bug fixes, and security fixes. Details of the security vulnerabilities fixed will be released later.

Update (January 20, 2015): Moodle has now released information on the security issues fixed in the releases. . Among the vulnerabilities fixed is a serious cross-scripting (XSS) vulnerability in all three versions and a serious regular expression denial of service (ReDoS) vulnerability in all three versions.

More information is available in the release notes for 2.6.7, 2.7.4, and 2.8.2.

 

Posted in Moodle, Security Update | Leave a comment

PrestaShop 1.6.0.11 Released

PrestaShop 1.6.0.11 was released today. The new version improves the wishlist module and tax & rounding calculations. The new version also insures that cookies are set to be secure when SSL is used on all pages.

More information is available in the changelog.

 

Posted in PrestaShop, Security Update | Leave a comment

concrete5 5.7.3 Released

concrete5 5.7.3 was released on December 19. The new version adds built-in multilingual website support , behavioral improvements, and bug fixes.

More information is available in the release notes.

Posted in concrete5 | Leave a comment

Support Ends for Joomla 2.5

Support for Joomla 2.5 ended on December 31. Anyone one still using version 2.5 should upgrade to 3.3. We recommend you make a copy of the website and do a test of the upgrade on that before upgrading the live website to Joomla 3.3 due to the serious problems that can occur during and after the upgrade.

Posted in End of Support, Joomla | Leave a comment

Piwik 2.10.0 Released

Piwik 2.10.0 was released today. The new version fixes a number bug, improves performance, and adds additional types of logs that can be handle with the Log Analytics tool.

The upgrade includes a major database upgrade, so plan accordingly.

More information is available in the changelog.

 

Posted in Piwik | Leave a comment

Zen Cart 1.5.4 Released

Zen Cart 1.5.4 was released last Wednesday. The new version includes a number of bug fixes and fixes for two cross-site request forgery (CSRF) security issues.

Version 1.5.4 has undergone PA-DSS certification and “the paperwork is awaiting a final review by the PCI SSC, before being listed on their site by the end of January”.

The new version increases the system requirements to MySQL 5.1 or greater.

More information is available in the release announcement.

 

Posted in Security Update, Zen Cart | Leave a comment