WP Briefing: Episode 46: The WP Bloopers Podcast
This episode of the WP Briefing features all the Josepha bloopers our little elves have stored away over the year.
It was discovered that ruby-image-processing, a ruby package that provides higher-level image processing helpers, is prone to a remote shell execution vulnerability when using the #apply method to apply a series of operations coming from unsanitized user input.
OpenImageIO is a library for reading and writing images, and a bunch of related classes, utilities, and applications. Main features include: – Extremely simple but powerful ImageInput and ImageOutput APIs for reading and writing 2D images that is format agnostic. – Format plugins for TIFF, JPEG/JFIF, OpenEXR, PNG, HDR/RGBE, Targa, JPEG-2000,
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. This package contains WebKit2 based WebKitGTK for GTK 3.
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-42852
The following vulnerabilities have been discovered in the WPE WebKit web engine: CVE-2022-42852
ZeddYu Lu discovered that the FTP client of Apache Commons Net, a Java client API for basic Internet protocols, trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the
Several vulnerabilities were discovered in gerbv, a Gerber file viewer, which could result in the execution of arbitrary code, denial of service or information disclosure if a specially crafted file is processed.
What are WordPress salts? Here’s the short answer: they can help protect your WordPress website by storing user passwords and authenticating them safely. But what about the long answer? In this guide to WordPress Salts, you will find:
– A detailed look at WordPress salts
– Where WordPress salts can be found
– Information on how often you need to update WordPress salts and security keys
– Two techniques for changing WordPress salts
By the time you reach the end of this guide, you will have the details you need to start using WordPress salts and get the most out of them. A…
The post What Are WordPress Salts and How Do They Protect Your Site? appeared first on Plesk.
Fix CVE-2022-4285. Fix a segfault when printing ghost variable.
LibHTP has been updated to 0.5.42 and is bundled with the release. Various security, performance, accuracy and stability issues have been fixed.
Update to 2022.10.3. Fixes CVE-2022-40284
Josepha reflects on this year’s State of the Word address here on the WP Briefing podcast.
An integer overflow flaw was discovered in the CRL signature parser in libksba, an X.509 and CMS support library, which could result in denial of service or the execution of arbitrary code.
Security fix for CVE-2022-41854
Fix buggy patch to CVE-2022-46340
Release notes for xrdp v0.9.21 (2022/12/10). General announcements: – Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible. Security fixes: This update is
Security fixes for CVE-2022-37966, CVE-2022-37967 and CVE-2022-38023
Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.
In the December 2022 survey we received responses from 1,125,374,532 sites across 271,238,722 domains and 12,234,425 web-facing computers. This reflects a loss of 9.7 million sites, 450,421 domains, and 72,200 web-facing computers.
Cloudflare continues its growth, gaining 1.5 million sites (+1.44%) and 309,670 domains (+1.21%). Cloudflare now accounts for 9.14% of sites and 9.57% of domains seen by Netcraft, up by 0.21pp and 0.13pp respectively.
Apache lost 7.4 million sites (-3.03%) and 15,439 web-facing computers (-0.46%). However, it saw a modest gain of 52,986 domains (+0.09%). nginx also saw significant loss of 5.5 million sites (-1.84%), 1.3 million domains (-1.77%), and 82,128 web-facing computers (-1.71%).
The largest percentage growth this month comes from LiteSpeed, with it gaining 1.1 million sites (+2.01%) and 170,873 domains (+2.03%). OpenResty also saw a significant growth of 1.1 million sites (+1.20%) but lost 135,748 domains (-0.34%).
In the top million busiest sites, Cloudflare continues its upward trend – gaining 809 of the top million sites, which increases its market share by 0.08pp to 21.08%. The gap between Cloudflare and the leader Apache, which lost 784 sites and 0.08pp market share, is down to just 0.51pp. In second place, nginx gained a modest 428 sites and 0.04pp market share.
Developer | November 2022 | Percent | December 2022 | Percent | Change |
---|---|---|---|---|---|
nginx | 300,890,891 | 26.51% | 295,366,783 | 26.25% | -0.26 |
Apache | 242,899,324 | 21.40% | 235,541,408 | 20.93% | -0.47 |
Cloudflare | 101,367,889 | 8.93% | 102,829,746 | 9.14% | 0.21 |
OpenResty | 91,612,799 | 8.07% | 92,711,293 | 8.24% | 0.17 |
NGINX is a free, open-source web server used for a wide range of purposes, including mail proxy, reverse proxy, load balancer and HTTP caching. The solution provides a high standard of performance with low weight, and while it is still fairly new compared to some of the alternative web servers on the market, NGINX is incredibly popular nonetheless. Its default setup offers high-speed performance, so it’s sure to impress you from the start, but there are ways to boost its performance even further. All you have to do is adjust some of its configurations. In our quick guide to improving…
The post NGINX Performance Tuning Tips appeared first on Plesk.
Any WordPress user knows that website problems are, sadly, unavoidable from time to time. Even the best coding is never perfect, after all. So, eventually, you may need to face the complexities of debugging in WordPress. But don’t worry: it’s actually a fairly simple, fast process. You can use various methods for debugging WordPress, with one for every experience level. This post will explore the process of debugging in WordPress, covering how it works, how it can make coding more streamlined, and numerous tools and features for effective debugging. WordPress Debugging – The Purpose: If you have no experience of debugging,…
The post Debugging in WordPress Explained appeared first on Plesk.
WordPress enthusiasts tuned in last week for the State of the Word address to celebrate the project’s yearly accomplishments and explore what 2023 holds. But that’s not the only exciting update from the past month. New proposals and ideas are already emerging with an eye on the year ahead—let’s dive into them! Highlights from State […]
– Fix CVE-2022-44789 (rhbz#2148261) – Fix CVE-2022-30975 (rhbz#2088596) – Fix CVE-2022-30974 (rhbz#2088591)
xwayland 22.1.6 Fixes CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343, CVE-2022-46344, CVE-2022-4283
Security fix for CVE-2022-3500 Proper exception handling in tornado_requests
Update to version 4.17.4
Update to 102.6.0 ; https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/ ; https://www.thunderbird.net/en-US/thunderbird/102.6.0/releasenotes/