You’ve probably heard that WordPress is open-source software, and may know that it’s created and run by volunteers. WordPress enthusiasts share many examples of how WordPress changed people’s lives for the better. This monthly series shares some of those lesser-known, amazing stories. The beginning In 1998, Kori created her very first HTML website. Her dad […]
Archive for security
I’ve arrived at the difficult decision to cancel the inaugural WordCamp Asia event, which was planned to take place in Bangkok on February 21st. The excitement and anticipation around this event have been huge, but there are too many unknowns around the health issues unfolding right now in the region to explicitly encourage a large […]
WordPress 5.4 Beta 1
WordPress 5.4 Beta 1 is now available for testing! This software is still in development, so we don’t recommend running it on a production site. Consider setting up a test site to play with the new version. You can test the WordPress 5.4 beta in two ways: Try the WordPress Beta Tester plugin (choose the “bleeding edge nightlies” […]
Helping create a safer internet is an essential part of cPanel’s mission, and that’s why we began integrating security extensions right into our product. We started by offering Imunify360, a robust and comprehensive security suite, as a featured product in 2018. Then, in 2019, we integrated ImunifyAV into all cPanel & WHM servers. Now, with the release of cPanel & WHM Version 86, we are pleased to include ImunifyAV+ as a product that can be purchased …
Following an action-packed December, 2020 is off to a fine start with some new releases and announcements. Read on to find out what happened in the WordPress project in January. Release of Gutenberg 7.2 & 7.3 Gutenberg 7.2, the first Gutenberg release of 2020, was deployed on January 8th and included over 180 pull requests […]
Beginning in cPanel & WHM Version 86, the way we use the term “LTS” or Long Term Support in reference to our software is changing. We’re making this important change for several reasons, and we want to provide you with information to help you keep your servers secure and up to date. How cPanel’s Versioning and Tiers Work We’re making a change to our release methodology and update system, which will assist you in keeping your servers …
We have begun offering SolusVM Master Enterprise licenses to Direct Store customers through the cPanel Store as an option for hypervisor users who wish to utilize the virtualization management software. SolusVM licenses are a new option to purchase, but aren’t a required installation or upgrade. If you’re interested in a control panel for a virtualized environment, read on to find out more. What is SolusVM? SolusVM is a GUI and API based VPS management system with support for platform virtualization tools such as
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 3.9.0-3.9.14
- Exploit type: XSS
- Reported Date: 2019-December-25
- Fixed Date: 2020-January-28
- CVE Number: CVE-2020-xxxxx
Description
Inadequate escaping of usernames allows XSS attacks in com_actionlogs.
Affected Installs
Joomla! CMS versions 3.9.0 – 3.9.14
Solution
Upgrade to version 3.9.15
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 3.0.0-3.9.14
- Exploit type: CSRF
- Reported Date: 2019-December-18
- Fixed Date: 2020-January-28
- CVE Number: CVE-2020-xxxxx
Description
A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.
Affected Installs
Joomla! CMS versions 3.0.0 – 3.9.14
Solution
Upgrade to version 3.9.15
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 3.0.0-3.9.14
- Exploit type: CSRF
- Reported Date: 2019-December-23
- Fixed Date: 2020-January-28
- CVE Number: CVE-2020-8419
Description
Missing token checks in the batch actions of various components cause CSRF vulnerabilities.
Affected Installs
Joomla! CMS versions 3.0.0 – 3.9.14
Solution
Upgrade to version 3.9.15
Contact
The JSST at the Joomla! Security Centre.
You’ve probably heard that WordPress is open-source software, and may know that it’s created and run by volunteers. WordPress enthusiasts share many examples of how WordPress changed people’s lives for the better. This monthly series shares some of those lesser-known, amazing stories. Meet Robert Cheleuka Robert is a self-taught graphic and motion designer turned web […]
Two members of the WordPress leadership team were nominated for excellent work in their field in the first ever Community Industry Awards. Andrea Middleton is nominated for Executive Leader of a Community Team and Josepha Haden Chomphosy is nominated for Community Professional of the Year. CMX is one of the largest professional organizations dedicated to […]
Upcoming API changes
The new year is here and with it comes a new round of updates for cPanel & WHM®. While we’re just now rolling out Version 86, now is the time to take action. With the release of Version 88, we will start removing cPanel API 1 functionality, and any custom code or integrations using these calls will no longer work. Why is the API 1 functionality being removed? The cPanel API 1 system is outdated and …
As 2019 draws to a close and we look ahead to another exciting year let’s take a moment to review what the WordPress community achieved in December. WordPress 5.3.1 and 5.3.2 Releases The WordPress 5.3.1 security and maintenance release was announced on December 13. It features 46 fixes and enhancements. This version corrects four security […]
We are looking for users to test drive TLSv1.3 and OpenSSL 1.1.1 with EasyApache 4 and cPanel. Read more if you’d like to take part in this test.
WordPress 5.3.2 is now available! This maintenance release features 5 fixes and enhancements. WordPress 5.3.2 is a short-cycle maintenance release. The next major release will be version 5.4. You can download WordPress 5.3.2 by clicking the button at the top of this page, or visit your Dashboard → Updates and click Update Now. If you have sites that support […]
Upcoming MySQL Changes
We are planning to automatically update some servers from MySQL 5.5 to MySQL 5.7. This will affect servers that do not have databases and are running cPanel & WHM Version 78.
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 2.5.0 – 3.9.13
- Exploit type: SQL injection
- Reported Date: 2019-December-01
- Fixed Date: 2019-December-17
- CVE Number: CVE-2019-19846
Description
The lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.
Affected Installs
Joomla! CMS versions 2.5.0 – 3.9.13
Solution
Upgrade to version 3.9.14
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.8.0 – 3.9.13
- Exploit type: Path Disclosure
- Reported Date: 2019-November-22
- Fixed Date: 2019-December-17
- CVE Number: CVE-2019-19845
Description
Missing access check in framework files could lead to a path disclosure.
Affected Installs
Joomla! CMS versions 3.8.0 – 3.9.13
Solution
Upgrade to version 3.9.14
Contact
The JSST at the Joomla! Security Centre.
WordPress 5.3.1 is now available! This security and maintenance release features 46 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. WordPress 5.3.1 is a short-cycle maintenance release. The next major release will be version 5.4. You can download WordPress 5.3.1 by clicking the button at the top of this page, […]
You’ve probably heard that WordPress is open-source software, and may know that it’s created and run by volunteers. WordPress enthusiasts share many examples of how WordPress changed people’s lives for the better. This monthly series shares some of those lesser-known, amazing stories. Meet Jill Binder Jill Binder never meant to become an activist. She insists […]
EasyApache 3 to EasyApache 4 Autoconversion
As you may have noticed on the front page of our website, we’ve added a new section about the “Up Next” initiative, explaining upcoming changes to cPanel & WHM. A significant change coming in early 2020 is the EasyApache 3 to EasyApache 4 autoconversion. When we last made a change in the Up Next initiative, we upgraded users on out-of-date and unsupported cPanel & WHM versions to Version 78. This upgrade did come …
November has been a big month in the WordPress community. New releases, big events, and a push for more contributors have characterized the work being done across the project — read on to find out more! The release of WordPress 5.3 “Kirk” WordPress 5.3 was released on November 12, and is available for download or […]
On Wednesday, November 13th, a contingent of the cPanel team volunteered at the Houston Food Bank. Over the course of three hours, we managed to assemble 4800 boxes of food and prepare 60 pallets for delivery to families in need. These boxes of food will serve families throughout 18 different counties across the greater Houston area. Founded in 1982, the Houston Food Bank is a 308,000 square-foot warehouse and is the largest Feeding America food bank in the …
WordPress 5.2.4 Update
Late-breaking news on the 5.2.4 short-cycle security release that landed October 14. When we released the news post, I inadvertently missed giving props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where path traversal can lead to remote code execution. Simon has done a great deal of work on the WordPress […]
WordPress 5.3 “Kirk”
Version 5.3 of WordPress is available for download or update in your WordPress dashboard. The new editor continues to become more refined with intuitive interactions, a focus on accessibility, and a more consistent look & feel. A fresh new default theme is shipping with this release too, that puts blocks to good use and lets all users have more control over how their content appears.
You’ve probably heard that WordPress is open-source software, and may know that it’s created and run by volunteers. WordPress enthusiasts share many examples of how WordPress changed people’s lives for the better. This monthly series shares some of those lesser-known, amazing stories. Meet Kim Parsell We’d like to introduce you to Kim Parsell. Kim was […]
WordPress 5.3 RC4
The fourth release candidate for WordPress 5.3 is now available! WordPress 5.3 is currently scheduled to be released on November 12, 2019, but we need your help to get there—if you haven’t tried 5.3 yet, now is the time! There are two ways to test the WordPress 5.3 release candidate: Try the WordPress Beta Tester plugin (choose the “bleeding edge […]
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.6.0 – 3.9.12
- Exploit type: Path Disclosure
- Reported Date: 2019-November-01
- Fixed Date: 2019-November-05
- CVE Number: CVE-2019-18674
Description
Missing access check in the phputf8 mapping files could lead to a path disclosure.
Affected Installs
Joomla! CMS versions 3.6.0 – 3.9.12
Solution
Upgrade to version 3.9.13
Contact
The JSST at the Joomla! Security Centre.