Strengthening connections with our users is a huge part of the work that we do on the Community Team here at cPanel, and conferences like JoomlaDay Florida are perfect for that. Even on years that it sells out (like this one), it’s only around 150 of our best friends with great chances to interact, and still intimate enough that we get a chance to really talk to some of the best folks there. I …
Archive for CMS
Let’s Talk MultiPHP
Many hosting providers have a large customer base with varying needs for their online projects. Available for systems running EasyApache 4, the MultiPHP Manager interface allows you to easily manage the PHP and PHP-FPM configurations of your cPanel accounts and domains. Hosting providers can switch between a number of different PHP versions with the click of a button, or allow more advanced users to upgrade to a newer version of PHP more quickly than others. There are …
If you’re not familiar with the Create Support Ticket interface, this tool lives inside WHM and allows a root user to create a support ticket with the cPanel Support staff. How is this more beneficial than logging in to Manage2 or using a form to submit a ticket? The Create Support Ticket tool streamlines and automates much of the process, including ensuring our support team will be able to access your server, decreasing the time it …
We’d like to introduce you to one of our newest features in cPanel & WHM version 78. The evolution of cPanel’s Email Authentication Interface to the Email Deliverability interface began with a desire to help users keep their legitimate emails out of Spam folders and turned into what we are showcasing here. These are some of the many improvements we’ve been making in an ongoing effort to help you increase your mail server’s efficiency. What is it? Previous to v78, …
WordPress 5.1 RC2
The second release candidate for WordPress 5.1 is now available! WordPress 5.1 will be released on Thursday, February 21, but we need your help to get there—if you haven’t tried 5.1 yet, now is the time! There are two ways to test the WordPress 5.1 release candidate: try the WordPress Beta Tester plugin (you’ll want […]
As of last week’s update, EasyApache 4 includes a light version of mod_lsapi, a module built and distributed by our friends at CloudLinux. This release is a scaled-back version of the module already distributed by CloudLinux. Anyone already using CloudLinux should use the one distributed by CloudLinux, but for everyone else let’s talk about it! What is mod_lsapi? mod_lsapi is an Apache module based on the LiteSpeed Technologies API that provides significant improvements in speed and …
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.2
- Exploit type: Object Injection
- Reported Date: 2019-January-18
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7743
Description
The phar:// stream wrapper can be used for object injection attacks. We now disallow usage of the phar:// handler for non-.phar files within the CMS globally by implementing the TYPO3 PHAR stream wrapper.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.2
- Exploit type: XSS
- Reported Date: 2018-October-07
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7740
Description
Inadequate parameter handling in JS code could lead to an XSS attack vector.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.2
- Exploit type: XSS
- Reported Date: 2019-January-16
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7741
Description
Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.2
- Exploit type: XSS
- Reported Date: 2019-January-17
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7739
Description
“No Filtering” textfilter overrides child settings in the Global Configuration. This is intended behavior but might be unexpected for the user. An additional message is now shown in the configuration dialog.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 1.0.0 through 3.9.2
- Exploit type: XSS
- Reported Date: 2018-September-24
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7742
Description
A combination of specific webserver configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector.
Affected Installs
Joomla! CMS versions 1.0.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.2
- Exploit type: XSS
- Reported Date: 2018-November-13
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7744
Description
Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
Joomla 3.9.3 Release
Joomla 3.9.3 is now available. This is a security fix release for the 3.x series of Joomla which addresses 6 security vulnerabilities and contains 30 bug fixes and improvements.
As of release 3.5, Joomla has been collecting stats data through the stats plugin (which only works if it’s enabled), and that data shows too many websites are not using the currently supported release of 3.9.2. This data is based on the Joomla, PHP, and database version. These are some pretty alarming statistics, and should not be ignored! We have provided some links at the bottom of this article for your reference, review, and even to get the latest release of Joomla.
The first release candidate for WordPress 5.1 is now available! This is an important milestone, as the release date for WordPress 5.1 draws near. “Release Candidate” means that the new version is ready for release, but with millions of users and thousands of plugins and themes, it’s possible something was missed. WordPress 5.1 is scheduled […]
As you may or may not be aware, on January 19th, 2019, a security announcement was published confirming the compromise of the PHP Extension and Application Repository (PEAR) installation script. The PEAR project had the following statement to announce: “A security breach has been found on the http://pear.php.net webserver, with a tainted go-pear.phar discovered. The PEAR website itself has been disabled until a known clean site can be rebuilt. A more detailed announcement will be on the …
The momentum from December’s WordPress 5.0 release was maintained through January with some big announcements and significant updates. Read on to find out what happened in the WordPress project last month. WordPress Leadership Grows In a milestone announcement this month, WordPress project lead, Matt Mullenweg (@matt), named two individuals who are coming on board to […]
WordPress is the most commonly used CMS (Content Management Software) on the internet, with a market share of 59.5% of websites built on the internet. There are numerous ways to get a WordPress blog up and running for the public to see. One of the more popular ways to publish a blog is WordPress’ official site, WordPress.com. This site offers its users the opportunity to build and maintain a free WordPress blog. There are downsides to a …
WordPress 5.1 Beta 3
WordPress 5.1 Beta 3 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version. There are two ways to test the WordPress 5.1 beta: try the WordPress Beta Tester plugin (you’ll want to select the “bleeding […]
WordPress 5.1 Beta 2
WordPress 5.1 Beta 2 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version. There are two ways to test the WordPress 5.1 beta: try the WordPress Beta Tester plugin (you’ll want to […]
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.1
- Exploit type: XSS
- Reported Date: 2018-December-05
- Fixed Date: 2019-January-15
- CVE Number: CVE-2019-6262
Description
Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.1
Solution
Upgrade to version 3.9.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.1
- Exploit type: XSS
- Reported Date: 2018-November-29
- Fixed Date: 2019-January-15
- CVE Number: CVE-2019-6263
Description
Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.1
Solution
Upgrade to version 3.9.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.1
- Exploit type: XSS
- Reported Date: 2018-December-04
- Fixed Date: 2019-January-15
- CVE Number: CVE-2019-6261
Description
Inadequate escaping in com_contact leads to a stored XSS vulnerability.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.1
Solution
Upgrade to version 3.9.2
Contact
The JSST at the Joomla! Security Centre.
Joomla 3.9.2 Release
Joomla 3.9.2 is now available. This is a security release for the 3.x series of Joomla which addresses 4 security vulnerabilities and contains over 50 bug fixes and improvements.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.1
- Exploit type: XSS
- Reported Date: 2018-December-01
- Fixed Date: 2019-January-15
- CVE Number: CVE-2019-6264
Description
Inadequate escaping in mod_banners leads to a stored XSS vulnerability.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.1
Solution
Upgrade to version 3.9.2
Contact
The JSST at the Joomla! Security Centre.
WordPress 5.1 Beta 1
WordPress 5.1 Beta 1 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version. There are two ways to test the WordPress 5.1 beta: try the WordPress Beta Tester plugin (you’ll want to select the “bleeding […]
WordPress 5.0.3 is now available! 5.0.3 is a maintenance release that includes 37 bug fixes and 7 performance updates. The focus of this release was fine-tuning the new block editor, and fixing any major bugs or regressions. Here are a few of the highlights: 15 block editor related bug fixes and improvements have been added […]
Security Advisor 101
Inside the Security Center section of WHM lies a feature that some cPanel & WHM users may not be familiar with. Security Advisor is a feature that, when selected, displays possible security concerns that hosting providers will want to address, as well as a solution to each warning message. The settings that are flagged may be problematic in some configurations but are not something that would be addressed through a cPanel & WHM version …
New features, a big event, and important announcements marked December as a milestone month for the WordPress community. Release of WordPress 5.0 On December 6 WordPress 5.0 was released. This release includes the much anticipated new block editor as the default editing experience. While some users have chosen to continue using the Classic Editor on […]