WordPress 4.7.5 - Security and Maintenance Release is now available
While waiting for the release of version 4.8, expected in June, WordPress released version 4.7.5.
This is a “Security and Maintenance Release”: it doesn’t add any new features, but fixes security and performance issues.
In particular, these 6 major problems have been fixed, in addition to 4 other performance-related fixes:

  1. Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing.
  2. Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas.
  3. Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team.
  4. A Cross Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster.
  5. A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing.
  6. A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team.

The update is available within the administration dashboard.

 

Joomla 3.7.2 is available
Joomla 3.7.2 is available, just days after the release of version 3.7.1. This release fixes an important SQL injection vulnerability present in the previous version.
No new features have been added; some bugs (and the critical vulnerability) have been fixed, and other improvements to Joomla's general performance have been made.

The update is available within the administration interface.

MariaDB to receive financing from the European Union
MariaDB, the popular open source database forked from MySQL and often used in LAMP stacks for CMSs, will receive €25 mln from the European Union in the form of financing from the European Investment Bank (EIB) as part of the Juncker Plan.
The European Fund for Strategic Investments (EFSI) is part of the Juncker Plan and is one of the pillars of a first loss guarantee; the plan has the ambitious goal of creating jobs by making clever use of the available financial resources, removing obstacles, and guaranteeing visibility and technical support to European projects.
MariaDB, which is based in Helsinki (Finland), is one of the most important players in the database sector, with competitors like MySQL, MongoDB and PostgreSQL; the sector is seeing continuous growth, with positive forecasts from both IDC ($50 bln market in 2017 against $40 bln in 2015) and Gartner (more than 70% of new apps are based on open source databases, and more than 50% of databases based on proprietary formats are being converted to open source). According to DB-Engines, open source databases represent 46% of the total.

PrestaShop 1.7.1.0 is now available
PrestaShop, the popular eCommerce CMS, reaches version 1.7.1.0.
New features include support for new modules (best sellers, new products, cross-selling, PayPal), the reintroduction of the “upgrade all modules” button, improved back-office navigation from mobile devices, and improvements to translations, overall performance and product page links.
The update is available with the handy 1-Click Update module.

New important Magento security patches are available
New important security patches are available for Magento 2.0.14 and 2.1.7. Magento invites users to update their systems as soon as possible.

Critical vulnerabilities fixed by the patch include Remote Code Execution (RCE) in the administration panel, video uploading and Zend Mail; a leak of clients' password hashes when modifying information as admin; a possible RCE when sending reminders via email; Cross-Site Scripting (XSS) in the admin panel; Cross-Site Request Forgery (CSRF) in APIs; and vulnerabilities in JavaScript libraries.
MasterCard recently added a new series of Identification Numbers (BIN): some versions of Magento already support these new BINs, but users with Enterprise 2.1.2 or earlier, Enterprise 2.0.x, Enterprise 1.14.2.x and Community 1.9.2.x must patch or update their systems by June 30, 2017, otherwise MasterCard will apply fines.
Additional information at this address.

Magento invites users to patch as soon as possible.