**Changes in version 1.6.0**

Bug Fixes:

* Introduce required service_name constructor argument to fix service hostname discovery exploitation vulnerability **CVE-2022-39369** (Henry Pan)
* Set user agent [#421] (Fydon)

Archive for November, 2022
Security fix for CVE-2022-3705 2139842 – vim upgrade broke :! for displaying terminal output ---- patchlevel 803 ---- The newest upstream commit Security fixes for CVE-2022-3256, CVE-2022-3324, CVE-2022-3352, CVE-2022-3235, CVE-2022-3234, CVE-2022-3296, CVE-2022-3297, CVE-2022-3278.
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
USN-5709-1 introduced minor regressions in Firefox
WavPack could be made to crash if it opened a specially crafted file.
In the November 2022 survey we received responses from 1,135,089,912 sites across 271,689,143 domains and 12,306,625 web-facing computers. This reflects a gain of 4.7 million sites, a loss of 194,480 domains, and a gain of 6,685 web-facing computers.
The biggest growth this month comes from Cloudflare, with it gaining 8.3 million sites (+8.91%) and 490,000 domains (+1.94%). Cloudflare now accounts for 8.93% of all sites seen by Netcraft, up by 0.70pp since October.
nginx saw significant losses in its number of sites and domains this month. It lost 8.5 million sites (-2.75%) and 490,000 domains (-0.66%). However, nginx still holds a strong lead as the most widely used web server software, with a market share of 26.51% of sites. Apache has the second largest number of sites, with a market share of 21.40%.
LiteSpeed continues its strong growth — this month it gained 720,000 sites (+1.28%) and 110,000 domains (+1.32%). This brings its market share of sites from 4.97% to 5.01% (+0.04pp).
Following its web-wide trend, Cloudflare has also seen growth in the top million sites. Since October, it gained 1,733 of the top million sites, with its market share increasing from 20.83% to 21.00% (+0.17pp). Meanwhile, both Apache and nginx have lost market share in the top million sites, with Apache down from 21.72% to 21.66% (-0.06pp) and nginx down from 21.36% to 21.21% (-0.15pp).
Vendor news
- nginx 1.23.2 was released on 19th October 2022. This version fixes memory corruption and disclosure vulnerabilities in `ngx_http_mp4_module`.
- njs 0.7.8, the scripting language used to extend nginx, was released on 25th October 2022, adding many language features and bug fixes.
- Apache Tomcat versions 8.5.83, 9.0.68, 10.0.27, and 10.1.1 were released on 3rd October 2022. Most of the changes are bugfixes.
- Cloudflare announced early access for Privacy Gateway, a proxy allowing HTTP traffic to be securely encapsulated. It is based on the Oblivious HTTP IETF draft.
- AWS announced two new Local Zones: Hamburg, Germany and Warsaw, Poland. These are the first locations in Europe, and add to the now 20 generally available Local Zones.


Developer | October 2022 | Percent | November 2022 | Percent | Change |
---|---|---|---|---|---|
nginx | 309,403,564 | 27.37% | 300,890,891 | 26.51% | -0.86 |
Apache | 245,852,856 | 21.75% | 242,899,324 | 21.40% | -0.35 |
Cloudflare | 93,074,821 | 8.23% | 101,367,889 | 8.93% | 0.70 |
OpenResty | 91,587,837 | 8.10% | 91,612,799 | 8.07% | -0.03 |
Logging Subsystem 5.5.4 – Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
An update is now available for OpenShift Logging 5.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
A security update for Debezium is now available for Red Hat Integration. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
Several security issues were fixed in OpenJDK.
Zstandard could be made to expose sensitive information
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
An update for linux-firmware is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions.

* Fix scrolling issues in some sites having fixed background.
* Fix prolonged buffering during progressive live playback.
* Fix several crashes and rendering issues.
* Security fixes: CVE-2022-42799, CVE-2022-42823, CVE-2022-42824

Security fix for CVE-2022-3705 2139842 – vim upgrade broke :! for displaying terminal output
This post was written in collaboration with Lauren Stein (@laurlittle) and Anne McCarthy (@annezazu). Twenty Twenty-Three is here, alongside WordPress 6.1! The new default theme offers a clean, blank canvas bundled with a collection of style variations. Style variations are predefined design options that give you the opportunity to alter the appearance of your site […]
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-42799
Several security issues were fixed in PHP.
The following vulnerabilities have been discovered in the WPE WebKit web engine: CVE-2022-42799
Podcast | Forging Your Own Web Development Path with Tracy Apps
Welcome back to the Plesk monthly podcast, where we explore the world of hosting, DevOps, and more! This month, we’re taking a closer look at how to get started as a developer. A common story among WordPress developers of a certain age is that they are self-taught. Let’s take this month’s guest, Tracy Apps: her journey into web development follows a similar path, but with some key differences. You see, Tracy has forged her own path. A path that skilfully combined art and engineering in a way that has allowed her to combine her best skills to deliver fantastic results…
The post Podcast | Forging Your Own Web Development Path with Tracy Apps appeared first on Plesk.
pixman could be made to crash or run programs if it processed specially crafted input.
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
An update for pcs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
Several security issues were fixed in DHCP.
Update to 12.1, fixes CVE-2021-3826.
Backport fixes for CVE-2021-3826 and CVE-2022-38533.
SQLite could be made to crash or run programs if it received specially crafted input.