This past month has been filled with anticipation as the community builds up towards a big new release, plans some important events, and builds new tools to grow the future of the project. WordPress 5.2 Almost Due for Release WordPress 5.2 is due for release on May 7 with many new features included for developers […]
Archive for CMS
The first release candidate for WordPress 5.2 is now available! This is an important milestone as we progress toward the WordPress 5.2 release date. “Release Candidate” means that the new version is ready for release, but with millions of users and thousands of plugins and themes, it’s possible something was missed. WordPress 5.2 is scheduled to […]
One of the more popular topics talked about amongst the cPanel Community is AutoSSL, a tool that automatically installs domain-validated SSL certificates for cPanel services and users’ websites. Since we haven’t touched on AutoSSL on our blog for a bit, some of the recent changes added to cPanel & WHM have created an opportune time to revisit one of cPanel’s most popular features. What is AutoSSL? AutoSSL is the solution for one of the most prominent SSL pain points for cPanel & …
Arguably, one of the most requested and popular feature requests submitted for cPanel & WHM has been the addition of the NGINX web server as an alternative to Apache. We have good news for those of you that have been asking: NGINX is coming. Note: as NGINX support on cPanel & WHM servers is still experimental, it will not be available in the WHM graphic user interface right away. Be advised that this is a representation of …
Force HTTPS Redirection
We’ve talked about SSL (secure socket layer) certificates at length, both on the cPanel blog and at the 2018 cPanel Conference in Houston, TX, as well as in many other venues. The importance of having an SSL certificate for services and websites on your server cannot be overstated. One of the most common support requests from both hosting providers and end-users is: once an SSL certificate is installed for your website, how do you redirect traffic to …
WordPress 5.2 Beta 3
WordPress 5.2 Beta 3 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version. There are two ways to test the latest WordPress 5.2 beta: try the WordPress Beta Tester plugin (you’ll want […]
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Moderate
- Versions: 3.0.0 through 3.9.4
- Exploit type: XSS
- Reported Date: 2019-March-25
- Fixed Date: 2019-April-09
- CVE Number: TBA
Description
The $.extend method of jQuery is vulnerable to Object.prototype pollution attacks.
Affected Installs
Joomla! CMS versions 3.0.0 through 3.9.4
Solution
Upgrade to version 3.9.5
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: High
- Versions: 3.2.0 through 3.9.4
- Exploit type: ACL Violation
- Reported Date: 2019-March-13
- Fixed Date: 2019-April-08
- CVE Number: CVE-2019-10946
Description
The “refresh list of helpsites” endpoint of com_users lacks access checks, allowing calls from unauthenticated users.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.9.4
Solution
Upgrade to version 3.9.5
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 1.5.0 through 3.9.4
- Exploit type: Directory Traversal
- Reported Date: 2019-March-13
- Fixed Date: 2019-April-08
- CVE Number: CVE-2019-10945
Description
The Media Manager component does not properly sanitise the folder parameter, allowing attackers to act outside the media manager root directory.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.9.4
Solution
Upgrade to version 3.9.5
Contact
The JSST at the Joomla! Security Centre.
Joomla 3.9.5 Release
Joomla 3.9.5 is now available. This is a security fix release for the 3.x series of Joomla which addresses three security vulnerabilities and contains over 20 bug fixes and improvements.
Last year, we shared “7 Ways We’ve Improved Email Hosting on cPanel & WHM” and we looked at some cool features for email accounts. After much improvement, we felt that Plus Addressing was an interesting enough feature to include as a blog post! So what is plus addressing? Known officially as subaddressing, plus addressing delivers mail in a particular way so that you can better organize incoming mail. Additionally, plus addressing is used as a method to …
WordPress 5.2 Beta 2
WordPress 5.2 Beta 2 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version. There are two ways to test the WordPress 5.2 beta: try the WordPress Beta Tester plugin (you’ll want to […]
WordPress 5.2 is targeted for release at the end of this month, and with it comes an update to the minimum required version of PHP. WordPress will now require a minimum of PHP 5.6.20. Beginning in WordPress 5.1, users running PHP versions below 5.6 have had a notification in their dashboard that includes information to […]
WordPress reached a significant milestone this month. With some exciting developments in Core, an interesting new proposal, and the return of a valuable global event, March was certainly an interesting time. WordPress Now Powers One-Third of the Web WordPress’ market share has been steadily increasing, and as of halfway through this month, it powers over […]
WordPress 5.2 Beta 1
WordPress 5.2 Beta 1 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version. You can test the WordPress 5.2 Beta two ways: Try the WordPress Beta Tester plugin (choose the “bleeding edge […]
It’s an exciting day for The Joomla Project and BRANDIT!
As the consolidation and packaging of web services move forward, we are happy to announce the official launch of our domains platform (powered by BRANDIT), domains.joomla.org.
“Eating your own dog food” is a popular practice amongst companies where employees are encouraged to, and often do, use their own product in real-life scenarios. The phrase “eating your own dog food” was purported to have been coined in the 1970s when, in television advertisements for Alpo Dog Food, spokesman Lorne Greene pointed out that he had fed Alpo to his own dogs. Another possibility, even stranger, was a story of the president of …
In 2018, cPanel, with their long-term partner CloudLinux, began offering Imunify360 as a featured security product. With cPanel & WHM Versions 82 or 84, we are integrating ImunifyAV into all cPanel & WHM servers. Imunify360 is a product set from our industry partner CloudLinux and will provide all customers with the most effective malware detection solution in the industry. We have spent years working extensively with the development teams at CloudLinux on a variety of …
One-third of the web!
WordPress now powers over 1/3rd of the top 10 million sites on the web according to W3Techs. Our market share has been growing steadily over the last few years, going from 29.9% just one year ago to 33.4% now. We are, of course, quite proud of these numbers! The path here has been very exciting. […]
cPanel & WHM Version 80 will not support MySQL 5.5, and updates to cPanel & WHM Version 80 will be blocked for any server still running MySQL 5.5. We are also blocking updates for any cPanel & WHM servers that connect to servers running MySQL 5.5. The MySQL/MariaDB Upgrade interface inside WHM makes upgrading safe and easy. Why the block? On December 31st, 2018, MySQL version 5.5 entered End of Life status. Any server currently running MySQL …
As a part of an ongoing initiative to improve user experience in our product, in cPanel & WHM Version 78 we introduced cPanel Analytics. This functionality is intentionally built with ease of use and privacy in mind. It provides us with deeper insight into how our customers utilize cPanel, WHM, and Webmail without compromising the privacy of those users. We tested the feature directly with a few customers on cPanel & WHM Version 74, made some adjustments in …
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: High
- Versions: 3.8.0 through 3.9.3
- Exploit type: XSS
- Reported Date: 2019-February-28
- Fixed Date: 2019-March-12
- CVE Number: CVE-2019-9713
Description
The sample data plugins lack ACL checks, allowing unauthorized access.
Affected Installs
Joomla! CMS versions 3.8.0 through 3.9.3
Solution
Upgrade to version 3.9.4
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.0.0 through 3.9.3
- Exploit type: XSS
- Reported Date: 2019-February-25
- Fixed Date: 2019-March-12
- CVE Number: CVE-2019-9714
Description
The media form field lacks escaping, leading to an XSS vulnerability.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.9.3
Solution
Upgrade to version 3.9.4
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.0.0 through 3.9.3
- Exploit type: XSS
- Reported Date: 2019-February-25
- Fixed Date: 2019-March-12
- CVE Number: CVE-2019-9711
Description
The item_title layout in edit views lacks escaping, leading to an XSS vulnerability.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.9.3
Solution
Upgrade to version 3.9.4
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.2.0 through 3.9.3
- Exploit type: XSS
- Reported Date: 2019-March-04
- Fixed Date: 2019-March-12
- CVE Number: CVE-2019-9712
Description
The JSON handler in com_config lacks input validation, leading to an XSS vulnerability.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.9.3
Solution
Upgrade to version 3.9.4
Contact
The JSST at the Joomla! Security Centre.
Joomla 3.9.4 Release
Joomla 3.9.4 is now available. This is a security fix release for the 3.x series of Joomla which addresses 4 security vulnerabilities and contains 28 bug fixes and improvements.
WordPress 5.1.1 is now available! This security and maintenance release introduces 10 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2. This release also includes a pair of security fixes that handle how comments are filtered and then stored in the database. With a maliciously […]
Exim (Experimental Internal Mailer) is a mail transfer agent known for being a general and flexible mailer, with many tools for checking incoming email. Created in 1995 by Philip Hazel, an estimated 57% of publicly reachable mail servers on the internet use Exim. Using the Sendmail design model, Exim has defined stages where it gains or loses privileges on a server, to help increase the security of mail delivery overall. Many of the benefits that Exim provides …
A report by Check Point Research has been brought to our attention relating to a security vulnerability that was patched back in December 2015. This report has also been picked up by Threat Post.
Both reports contain a great deal of inaccuracies and intimate that the vulnerability detailed is a current one.
This statement serves to clarify the facts surrounding this issue. Furthermore, we would like to assure our user base that, much as these posts attempt to state that this is a current issue, the truth of the matter is far from that.