We’d like to introduce you to one of our newest features in cPanel & WHM version 78. The evolution of cPanel’s Email Authentication Interface to the Email Deliverability interface began with a desire to help users keep their legitimate emails out of Spam folders and turned into what we are showcasing here. These are some of the many improvements we’ve been making in an ongoing effort to help you increase your mail server’s efficiency. What is it? Previous to v78, …
Archive for CMS
WordPress 5.1 RC2
The second release candidate for WordPress 5.1 is now available! WordPress 5.1 will be released on Thursday, February 21, but we need your help to get there—if you haven’t tried 5.1 yet, now is the time! There are two ways to test the WordPress 5.1 release candidate: try the WordPress Beta Tester plugin (you’ll want […]
As of last week’s update, EasyApache 4 includes a light version of mod_lsapi, a module built and distributed by our friends at CloudLinux. This release is a scaled-back version of the module already distributed by CloudLinux. Anyone already using CloudLinux should use the one distributed by CloudLinux, but for everyone else let’s talk about it! What is mod_lsapi? mod_lsapi is an Apache module based on the LiteSpeed Technologies API that provides significant improvements in speed and …
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.2
- Exploit type: Object Injection
- Reported Date: 2019-January-18
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7743
Description
The phar:// stream wrapper can be used for object injection attacks. We now disallow usage of the phar:// handler for non .phar-files within the CMS globally by implementing the TYPO3 PHAR stream wrapper.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.2
- Exploit type: XSS
- Reported Date: 2018-October-07
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7740
Description
Inadequate parameter handling in JS code could lead to an XSS attack vector.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.2
- Exploit type: XSS
- Reported Date: 2019-January-16
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7741
Description
Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.2
- Exploit type: XSS
- Reported Date: 2019-January-17
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7739
Description
“No Filtering” textfilter overrides child settings in the Global Configuration. This is intended behavior but might be unexpected for the user. An additional message is now shown in the configuration dialog.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 1.0.0 through 3.9.2
- Exploit type: XSS
- Reported Date: 2018-September-24
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7742
Description
A combination of specific webserver configurations, in connection with specific file types and browser-side mime-type sniffing, causes an XSS attack vector.
Affected Installs
Joomla! CMS versions 1.0.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.2
- Exploit type: XSS
- Reported Date: 2018-November-13
- Fixed Date: 2019-February-12
- CVE Number: CVE-2019-7744
Description
Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.2
Solution
Upgrade to version 3.9.3
Contact
The JSST at the Joomla! Security Centre.
Joomla 3.9.3 Release

Joomla 3.9.3 is now available. This is a security fix release for the 3.x series of Joomla which addresses 6 security vulnerabilities and contains 30 bug fixes and improvements.

As of release 3.5 Joomla is collecting stats data, thanks to the stats plugin (only works if it’s enabled), and it found too many websites are not using the currently supported release of 3.9.2. This data is based on the Joomla, PHP, and database version. These are some pretty alarming statistics, and should not be ignored! We have provided some links at the bottom of this article for your reference, review, and to even get the latest release of Joomla.
The first release candidate for WordPress 5.1 is now available! This is an important milestone, as the release date for WordPress 5.1 draws near. “Release Candidate” means that the new version is ready for release, but with millions of users and thousands of plugins and themes, it’s possible something was missed. WordPress 5.1 is scheduled […]
As you may or may not be aware, on January 19th, 2019, a security announcement was published confirming the compromise of the PHP Extension and Application Repository (PEAR) installation script. The PEAR project had the following statement to announce: “A security breach has been found on the http://pear.php.net webserver, with a tainted go-pear.phar discovered. The PEAR website itself has been disabled until a known clean site can be rebuilt. A more detailed announcement will be on the …
The momentum from December’s WordPress 5.0 release was maintained through January with some big announcements and significant updates. Read on to find out what happened in the WordPress project last month. WordPress Leadership Grows In a milestone announcement this month, WordPress project lead, Matt Mullenweg (@matt), named two individuals who are coming on board to […]
WordPress is the most commonly used CMS (Content Management Software) on the internet, with a market share of 59.5% of websites built on the internet. There are numerous ways to get a WordPress blog up and running for the public to see. One of the more popular ways to publish a blog is WordPress’ official site, WordPress.com. This site offers the opportunities for its users to build and maintain a free WordPress blog. There are downsides to a …
WordPress 5.1 Beta 3
WordPress 5.1 Beta 3 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version. There are two ways to test the WordPress 5.1 beta: try the WordPress Beta Tester plugin (you’ll want to select the “bleeding […]
WordPress 5.1 Beta 2
WordPress 5.1 Beta 2 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version. There are two ways to test the WordPress 5.1 beta: try the WordPress Beta Tester plugin (you’ll want to […]
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.1
- Exploit type: XSS
- Reported Date: 2018-December-05
- Fixed Date: 2019-January-15
- CVE Number: CVE-2019-6262
Description
Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.1
Solution
Upgrade to version 3.9.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.1
- Exploit type: XSS
- Reported Date: 2018-November-29
- Fixed Date: 2019-January-15
- CVE Number: CVE-2019-6263
Description
Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.1
Solution
Upgrade to version 3.9.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.1
- Exploit type: XSS
- Reported Date: 2018-December-04
- Fixed Date: 2019-January-15
- CVE Number: CVE-2019-6261
Description
Inadequate escaping in com_contact leads to a stored XSS vulnerability.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.1
Solution
Upgrade to version 3.9.2
Contact
The JSST at the Joomla! Security Centre.
Joomla 3.9.2 Release

Joomla 3.9.2 is now available. This is a security release for the 3.x series of Joomla which addresses 4 security vulnerabilities and contains over 50 bug fixes and improvements.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 2.5.0 through 3.9.1
- Exploit type: XSS
- Reported Date: 2018-December-01
- Fixed Date: 2019-January-15
- CVE Number: CVE-2019-6264
Description
Inadequate escaping in mod_banners leads to a stored XSS vulnerability.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.9.1
Solution
Upgrade to version 3.9.2
Contact
The JSST at the Joomla! Security Centre.
WordPress 5.1 Beta 1
WordPress 5.1 Beta 1 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version. There are two ways to test the WordPress 5.1 beta: try the WordPress Beta Tester plugin (you’ll want to select the “bleeding […]
WordPress 5.0.3 is now available! 5.0.3 is a maintenance release that includes 37 bug fixes and 7 performance updates. The focus of this release was fine-tuning the new block editor, and fixing any major bugs or regressions. Here are a few of the highlights: 15 block editor related bug fixes and improvements have been added […]
Security Advisor 101
Inside the Security Center section of WHM lies a feature that some cPanel & WHM users may not be familiar with. Security Advisor is a feature that, when selected, displays possible security concerns that hosting providers will want to address, as well as a solution to that warning message. The settings that are flagged may be problematic in some configurations but are not something that would be addressed through a cPanel & WHM version …
New features, a big event, and important announcements marked December as a milestone month for the WordPress community. Release of WordPress 5.0 On December 6 WordPress 5.0 was released. This release includes the much anticipated new block editor as the default editing experience. While some users have chosen to continue using the Classic Editor on […]
Reseller’s Guide to ACLs and API Tokens
Several versions ago, we made some monumental changes to the way that the ACLs (access control lists) and APIs behave and the level of access they grant. These improvements allow webhosts to provide more access to resellers while maintaining security for root users and server owners. We want to take this opportunity to highlight the numerous changes that these updates bring. New Reseller Privileges Granted If you are a webhosting provider, you likely sell hosting …

As we count down to 2019, we’ll be raising a glass (or two) to all our incredible volunteers who have made the leaps and bounds of 2018 possible.
In cPanel & WHM version 76, we implemented a new version of Apache Tomcat® for users that run EasyApache 4. This iteration represents a complete overhaul of our implementation and provides substantial differences from the EasyApache 3 version. The EasyApache 4 implementation of Tomcat configures a private instance for each user. This utilization increases security and allows the user to manage their Tomcat services, but increases memory use on the server. A Glimpse into the Process
One of the useful features that we offer with cPanel & WHM is the ability to run your own DNS server. The nameserver features we have provided in the past have included PowerDNS, MyDNS, BIND, and NSD. With the release of cPanel & WHM Version 78, we are deprecating NSD and MyDNS. New installations of cPanel & WHM version 78 will not allow you to select the NSD or MyDNS nameservers. Our long-term …