Ike.ninja

In an effort to keep the WordPress community up to date, this post provides an update on the PHP compatibility of the upcoming WordPress 6.4 release scheduled for November 7, 2023.  Recommended PHP version for WordPress 6.4 It’s recommended to use PHP 8.1 or 8.2 with this upcoming release. Please refer to the Hosting page […]

## 2023-10-13, Version 20.8.1 (Current), @RafaelGSS This is a security release. ### Notable Changes The following CVEs are fixed in this release: * [CVE-2023-44487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487): `nghttp2` Security Release (High) * [CVE-2023-45143](https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2023-45143): `undici` Security Release (High) *

Several security issues were fixed in X.Org X Server, xwayland.

Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server, which may result in privilege escalation if the X server is running privileged.

An incomplete fix was discovered in .Net.

Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.

ncurses could be made to crash if it opened a specially crafted file.

Several security issues were fixed in OpenSSL.

Several security issues were fixed in the Linux kernel.

Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487

Update Folly stack to the latest 2023.10.16.00 tag proxygen: Security fix for CVE-2023-44487

Several security issues were fixed in libvpx.

It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize HTML messages. This would allow an attacker to load arbitrary JavaScript code.

Security fix for CVE-2023-5535, CVE-2023-5441

Update to 2.14.11. Mitigates CVE-2023-5115.