Coppermine 1.4.14
Wednesday, November 7th, 2007The coppermine gallery team have released a security update to version 1.4.14. This is a fix for (another) new XSS vulnerability – immediate update highly recommended.
The golden rule is that there are no golden rules.
Latest Updates
WordPress 2.3.1
Saturday, November 3rd, 2007Following on from the new version 2.3 is a bug-fix release with some security implications. Although these seem to be fairly minor (eg. possible XSS vulnerability with register_globals on) if you’ve moved to 2.3 then you should now upgrade to 2.3.1.
There are no updates for the last version in the 2.2 branch (2.2.3) so if that’s what you’re on it’s probably safe to stay there for a while longer (but plan to update to 2.3.x soon):
Vanilla 1.1.4
Tuesday, October 23rd, 2007There is a serious vulnerability in Vanilla 1.1.3 and below, allowing remote SQL injection. A security update has been released – upgrading requires just replacing the affected files, as listed on the Vanilla upgrade page.
With exploit code already published this is an urgent mandatory update – don’t delay!
WordPress 2.3
Thursday, September 27th, 2007Version 2.3 is a significant scheduled release with many new features. Although many bugs have been ironed out through several recent release candidates it’s likely that with all the new code there will be some problems still to find.
At the time of writing I don’t know of any security issues in the previous version 2.2.3 so the more cautious may prefer to keep this for a week or two… For those who prefer the latest and greatest:
(Naturally, BurstOpen is now running on WordPress 2.3!)
SMF 1.1.4
Wednesday, September 26th, 2007Simple Machines have released an update to the SMF forum – version 1.1.4. An update for the 1.0 branch (1.0.12) has also been released.
This is a bug-fix release and a required update. Users of version 1.1.x can update through the SMF admin center.
Vanilla 1.1.3
Monday, September 24th, 2007Lussumo has released a new version of the minimal forum application Vanilla with bug-fixes including at least one security fix (XSS vulnerability). This is a required update.
Coppermine 1.4.13
Sunday, September 16th, 2007The coppermine gallery team have released a security update to version 1.4.13. This is a fix for a new XSS vulnerability and a mandatory update.
WordPress 2.2.3
Monday, September 10th, 2007This is a bugfix and security release including some high-priority fixes. Required update.
WordPress 2.2.2
Tuesday, August 7th, 2007This is a bugfix + security release and a required update.
Zen Cart admin security patch
Thursday, July 5th, 2007A vulnerability has been found in Zen Cart that could allow an unauthorised user to log into the admin system. Patches are available for all recent versions at the download page, and a new full version 1.3.7.1 is also available. This update is mandatory for all earlier Zen Cart versions.