The following bugs have been fixed:
[-] APS application installation hangs on (101821)
[-] Backup file is not transferred to the FTP repository (102253)
Archive for March, 2012
The following bug has been fixed:
[-] Fixed moderate security issue in Courier IMAP server (#79692)
[20120306] – Core – Information Disclosure
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 1.5.25 and all earlier 1.5.x versions
- Exploit type: Information Disclosure
- Reported Date: 2012-January-7
- Fixed Date: 2012-March-27
Description
Inadequate permission checking allows unauthorised viewing of administrative back end information.
Affected Installs
Joomla! versions 1.5.25 and all earlier 1.5.x versions
Solution
Upgrade to version 1.5.26
Reported by Cyrille Barthelemy
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: High
- Versions: 1.5.25 and all earlier 1.5.x versions
- Exploit type: Password Change
- Reported Date: 2012-March-8
- Fixed Date: 2012-March-27
Description
Insufficient randomness leads to password reset vulnerability.
Affected Installs
Joomla! versions 1.5.25 and all earlier 1.5.x versions
Solution
Upgrade to version 1.5.26
Reported by George Argyros and Aggelos Kiayias
Contact
The JSST at the Joomla! Security Center.
How to order and install an SSL in cPanel
The CSR
Before you can order the SSL, you will need to create a CSR, or Certificate Signing Request. The CSR tells the certificate authority the information that the certificate will contain. To create the CSR you can: Login to […]
Creating a new cPanel account and setting up the domain
To create a new cPanel account, log in to your WHM with root as the user, and the root password you used to set up the server. In the find box type “create” and click the link “Create a new […]
Move your add-on domain to its own cPanel account
Sometimes people like to make one cPanel account with multiple domains within it. With cPanel, this can make things difficult sometimes. There are a few things that would require your domain to be on its own cPanel account. Like in […]
The Joomla Project announces the immediate availability of Joomla 1.5.26 [senu takaa ama busani]. This is a security release. The Production Leadership Team’s goal is to continue to provide regular, frequent updates to the Joomla community. Learn more about Joomla! development at the Developer Site.
Download
Click here to download Joomla 1.5.26 (Full package) »
Click here to download Joomla 1.5.26 (Upgrade packages) »
Instructions
- New installation and technical requirements
- Upgrade from an existing Joomla 1.5 version
- Migration from Joomla! 1.0.x
Want to test drive Joomla? Try the online demo or the Joomla JumpBox. Documentation is available for beginners.
Please note that you should always backup your site before upgrading.
Release Notes
Check the Joomla 1.5.26 Post-Release FAQs to see if there are important items and helpful hints discovered after the release.
Security
- High Priority – Core – Password Change Vulnerability. More information »
- Low Priority – Core – Information Disclosure. More information »
Issues Fixed
None.
Joomla! Bug Squad
Thanks to the Joomla Bug Squad for their dedicated efforts investigating reports, fixing problems, and applying patches to Joomla. If you find a bug in Joomla, please report it on the CMS Issue Tracker.
Joomla! Security Strike Team
A big thanks to the Joomla! Security Swat Team for fixing all reported security issues with this release. Members include: Airton Torres, Alan Langford, Bill Richardson, Elin Waring, Jason Kendall, Marijke Stuivenberg, Mark Dexter, Michael Babker, Rouven Weßling, Samuel Moffatt.
This tool checks for business logic issues and other possible problems before upgrade.
The following checkpoints have been added:
– Check proftpd IPv6 support if IPv6 is not supported by the OS
– Check whether SmarterMail is listening on port 25 on all IP addresses registered in Plesk
EasyApache 3.11.2 includes improvements to FastCGI, along with numerous interface adjustments
The release of EasyApache 3.11.2 removes a previous patch that hindered FastCGI performance. This update also corrects a previous patch that resulted in problems with FcgidMaxRequestLen. Both, FastCGI and…
The following functionality has been added:
[+] Added new placeholder {WEBSPACEROOT} which can be used in domain’s PHP Settings
The following bugs have been fixed:
[-] (Unix only) APS application installation fails if its install script writes to stderr.
[-] (Unix only) Postfix milter (mail filter) crashes while processing the e-mail.
[-] (Unix only) Unexpected error is reported if non-existent dir is specified on “FTP Repository Settings” page.
cPanel releases updates for cPanel & WHM 11.30
cPanel & WHM 11.30.6.6 provides major fixes for CentOS 4 as well as other minor fixes
The recent end of life of CentOS 4 caused issues when updating or installing packages from YUM. cPanel located the correct…
How to get Free Assistance on Upgrade/Migration to Plesk Panel 10.4
With the release of Parallels Plesk Panel 10, Parallels is offering FREE Installation, Migration and/or Upgrade assistance to Valid License Owners of Parallels Plesk Panel 10. Customers who are not Plesk License Owners (or only have Trial Licenses) should contact their License Provider.
Basic Requirements for Free Assistance:
– You must be the Owner of a valid and active Parallels Plesk Panel 10 license, and
– You must have made at least one attempt to install, migrate or upgrade (either from an older version of Parallels Plesk Panel or a competing product)
– In case of migration, the source and destination Operating Systems must be similar in nature. Example: "Linux to Linux" or "Windows to Windows".
– If target upgrade server or migration source server is operating with Parallels Plesk Panel, it must be of revision 7.5.4 or higher.
How to upgrade/migrate Small Business Panel 10.2 to Plesk Panel 10.4
Due to the fact that Parallels Small Business Panel is no longer actively supported, the only possible way to move from Small Business Panel to Plesk is described in article http://kb.parallels.com/en/113506
Plesk Mirror Setup Tool v 1.0 is available
Plesk Service Team is glad to inform you that we have released Plesk Mirror Setup Tool v 1.0.
Changes: Usability improvements and bugfixes
cPanel to End Support for PHP 4
cPanel announces that EasyApache will no longer support PHP 4 beginning May, 2012. PHP 4 has not been actively developed, or supported by the PHP developers, for several years. Many CVEs reported against…
Plesk Panel 10.4.4 for CentOS 5.8 and RedHat 5.8 is available
Plesk Panel 10.4.4 for Linux – CentOS 5.8 and RedHat 5.8 support – has been available since March 20, 2012 through the Autoinstaller.
Joomla! Accepted for 2012 Google Summer of Code
The Joomla! project is proud to announce that our application has been accepted to be a mentoring organization for the 2012 Google Summer of Code™ program (GSoC). The GSoC helps support university level students who get the opportunity to work with mentors on a variety of coding projects that will all be contributed back to the student’s mentoring organization.
This year’s Joomla! GSoC application was led by Chad Windnagle (Primary Administrator), Andrea Tarr (Secondary Administrator), and Elin Waring. Key supporters and contributors to the application process include Michael Babker, Robert Deutz, Andrew Eddie, Louis Landry, Jacques Rentzke, and Matt Thomas.
After learning of Joomla!’s acceptance into GSoC, Chad had this to say:
I’m really proud of the community effort that got put forth to be successfully accepted into GSoC this year. When I first found out that we were working on the application, and we had a week to go, I was really worried we wouldn’t make it in time. A lot of really great people have put their heads together to make this opportunity possible, and the project can’t thank those folks enough.
We have gotten accepted into the Google program, but now the fun is just beginning. This is a major win, and now we have a whole summer to mentor students and run this program successfully. I hope when we reach the end of the summer we can all feel just as successful about Joomla!’s participation in GSoC as we do right now.
Those interested in serving as a mentor for a Joomla! 2012 GSoC student project may register here:
http://www.google-melange.com/gsoc/org/google/gsoc2012/joomla
Here is the Frequently Asked Questions page for the 2012 GSoC:
http://www.google-melange.com/gsoc/document/show/gsoc_program/google/gsoc2012/faqs
– checking for references between IP addresses and domains with “Forwarding” hosting type in Plesk database
– validation for DUMP_TMP_D variable in /etc/psa/psa.conf file
The following bugs have been fixed:
[-] Wrong permission was set on /tmp folder after installing 10.4.4 MU#16
[-] Error 404 when browsing “Downloads” report generated by AWStats
[-] Wrong IP subnets validation
[-] Unable to sync service plan with hosting disabled
- Project: Joomla!
- SubProject: All
- Severity: High
- Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
- Exploit type: Password Change
- Reported Date: 2012-March-8
- Fixed Date: 2012-March-15
Description
Insufficient randomness leads to password reset vulnerability.
Affected Installs
Joomla! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions
Solution
Upgrade to version 2.5.3
Reported by George Argyros and Aggelos Kiayias
Contact
The JSST at the Joomla! Security Center.
Pre-Launch for Attracta SEO Tools Integration
At cPanel Conference 2011, cPanel announced the upcoming launch of Attracta SEO tool features within cPanel & WHM. cPanel and Attracta have launched a special site ( go.cpanel.net/attracta/ ) dedicated to partners wishing to gain full access to the upcoming…
[20120303] – Core – Privilege Escalation
- Project: Joomla!
- SubProject: All
- Severity: High
- Versions: 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x releases
- Exploit type: Privilege Escalation
- Reported Date: 2012-March-12
- Fixed Date: 2012-March-15
Description
Programming error allows privilege escalation in some cases.
Affected Installs
Joomla! versions 2.5.2, 2.5.1, 2.5.0, and all 1.7.x and 1.6.x versions
Solution
Upgrade to version 2.5.3
Reported by Jeff Channel
Contact
The JSST at the Joomla! Security Center.
[-] XSS injection vulnerability has been fixed in Horde
The Joomla Project is pleased to announce the immediate availability of Joomla 2.5.3. This is a security release. The Production Leadership Team’s goal is to continue to provide regular, frequent updates to the Joomla community. Learn more about Joomla! development at the Developer Site.
The update process is very simple, and complete instructions are available here. Note that there are now easier and better ways of updating than FTPing the files.
Download
New Installations: Click here to download Joomla 2.5.3 (Full package) »
Update Package: Click here to download Joomla 2.5.3 (Update package) »
Note: Please read the update instructions before updating.
Instructions
Want to test drive Joomla? Try the online demo or the Joomla JumpBox. Documentation is available for beginners.
Please note that you should always backup your site before upgrading.
Release Notes
Check the Joomla 2.5.3 Post-Release FAQs to see if there are important items and helpful hints discovered after the release.
Statistics for the 2.5.3 release
- Joomla 2.5.3 contains:
- 2 security issues fixed
Security Issues Fixed
- High Priority – Core – Privilege Escalation. More information »
- High Priority – Core – Password Change. More information »
Joomla! Bug Squad
Thanks to the Joomla Bug Squad for their dedicated efforts investigating reports, fixing problems, and applying patches to Joomla. If you find a bug in Joomla, please report it on the Joomla! CMS Issue Tracker.
Active members of the Joomla Bug Squad during this last release cycle include: A Firoozmandan, Akarawuth Tamrareang, Alain Rivest, Andrea Tarr, Andrew Eddie, Bill Richardson, Brian Teeman, Chris Davenport, Christophe Demko, Denise McLaurin, Dennis Hermacki, Elin Waring, Emerson Rocha Luiz, Francisco Marzoa, Ian MacLennan, Jacob Waisner, Jacques Rentzke, James Brice, Janich Rasmussen, Jean-Marie Simonet, Jennifer Marriott, Jeremy Wilken, Kevin Griffiths, Loyd Headrick, Mark Dexter, Matt Thomas, Michael Babker, Mutuga Kigumi, Neil McNulty, Nikolai Plath, Ofer Cohen, Prasit Gebsaap, Rachmat Wakjaer, Rob Clayburn, Roland Dalmulder, Rouven Weßling, Rune Sjøen, Samuel Moffatt, Shaun Maunder, Sudhi Seshachala, Tim Plummer, Tom Fuller, Troy Hall, Viet Hoang Vu.
Bug Squad Leadership: Mark Dexter Coordinator; Elin Waring and Marijke Stuivenberg, Team Leaders.
Joomla! Security Strike Team
A big thanks to the Joomla! Security Strike Team for their ongoing work to keep Joomla secure. Members include: Airton Torres, Alan Langford, Bill Richardson, Elin Waring, Jason Kendall, Marijke Stuivenberg, Mark Dexter, Michael Babker, Rouven Weßling, Samuel Moffatt.
Plesk 10.4.4 for SuSE 12.1 has been released
Links to autoinstaller:
http://download1.parallels.com/Plesk/PP10/10.4.4/SuSE12.1/parallels_installer_v3.11.0_build120110.11_os_SuSE_12.1_i386
http://download1.parallels.com/Plesk/PP10/10.4.4/SuSE12.1/parallels_installer_v3.11.0_build120110.11_os_SuSE_12.1_x86_64
Links to major EZ templates:
http://download1.parallels.com/Plesk/PP10/10.4.4/SuSE12.1/vztemplates/pp10-suse-12.1-x86-ez.tar.gz
http://download1.parallels.com/Plesk/PP10/10.4.4/SuSE12.1/vztemplates/pp10-suse-12.1-x86_64-ez.tar.gz
Links to versionless EZ templates:
http://download1.parallels.com/Plesk/PP10/10.4/SuSE12.1/vztemplates/pp-suse-12.1-x86-ez.tar.gz
http://download1.parallels.com/Plesk/PP10/10.4/SuSE12.1/vztemplates/pp-suse-12.1-x86_64-ez.tar.gz
How to install the latest Microupdates for Parallels Plesk Panel to a PVC container
To simplify the process of installing Micro-updates for earlier Parallels Plesk Panel (PP) versions to PVC containers, the Plesk Service Team has prepared a special EZ template called ‘pp-microupdates’. The template is to be installed either on a container with PP (8.6.0 or later) or in the same transaction with other PP templates.