WordPress 5.3.2 is now available! This maintenance release features 5 fixes and enhancements. WordPress 5.3.2 is a short-cycle maintenance release. The next major release will be version 5.4. You can download WordPress 5.3.2 by clicking the button at the top of this page, or visit your Dashboard → Updates and click Update Now. If you have sites that support […]
Archive for security
We are planning to automatically update some servers from MySQL 5.5 to MySQL 5.7. This will affect servers that do not have databases and are running cPanel & WHM Version 78.
State of the Word: the story of the slides
Curious about the Gutenberg powered slides used during State of the Word? This post uncovers some technical and design aspects of the project!
[20191202] – Core – Various SQL injections through configuration parameters
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 2.5.0 – 3.9.13
- Exploit type: SQL injection
- Reported Date: 2019-December-01
- Fixed Date: 2019-December-17
- CVE Number: CVE-2019-19846
Description
The lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.
Affected Installs
Joomla! CMS versions 2.5.0 – 3.9.13
Solution
Upgrade to version 3.9.14
Contact
The JSST at the Joomla! Security Centre.
[20191201] – Core – Path Disclosure in framework files
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.8.0 – 3.9.13
- Exploit type: Path Disclosure
- Reported Date: 2019-November-22
- Fixed Date: 2019-December-17
- CVE Number: CVE-2019-19845
Description
Missing access check in framework files could lead to a path disclosure.
Affected Installs
Joomla! CMS versions 3.8.0 – 3.9.13
Solution
Upgrade to version 3.9.14
Contact
The JSST at the Joomla! Security Centre.
WordPress 5.3.1 Security and Maintenance Release
WordPress 5.3.1 is now available! This security and maintenance release features 46 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. WordPress 5.3.1 is a short-cycle maintenance release. The next major release will be version 5.4. You can download WordPress 5.3.1 by clicking the button at the top of this page, […]
You’ve probably heard that WordPress is open-source software, and may know that it’s created and run by volunteers. WordPress enthusiasts share many examples of how WordPress changed people’s lives for the better. This monthly series shares some of those lesser-known, amazing stories. Meet Jill Binder Jill Binder never meant to become an activist. She insists […]
EasyApache 3 to EasyApache 4 Autoconversion
As you may have noticed on the front page of our website, we’ve added a new section about the “Up Next” initiative, explaining upcoming changes to cPanel & WHM. A significant change coming in early 2020 is the EasyApache 3 to EasyApache 4 autoconversion. When we last made a change in the Up Next initiative, we upgraded users on out-of-date and unsupported cPanel & WHM versions to Version 78. This upgrade did come …
November has been a big month in the WordPress community. New releases, big events, and a push for more contributors have characterized the work being done across the project — read on to find out more! The release of WordPress 5.3 “Kirk” WordPress 5.3 was released on November 12, and is available for download or […]
Giving Back – Volunteering at the Houston Food Bank
On Wednesday, November 13th, a contingent of the cPanel team volunteered at the Houston Food Bank. Over the course of three hours, we managed to assemble 4800 boxes of food and prepare 60 pallets for delivery to families in need. These boxes of food will serve families throughout 18 different counties across the greater Houston area. Founded in 1982, the Houston Food Bank is a 308,000 square-foot warehouse and is the largest Feeding America food bank in the …
Late-breaking news on the 5.2.4 short-cycle security release that landed October 14. When we released the news post, I inadvertently missed giving props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where path traversal can lead to remote code execution. Simon has done a great deal of work on the WordPress […]
Version 5.3 of WordPress is available for download or update in your WordPress dashboard. The new editor continues to become more refined with intuitive interactions, a focus on accessibility, and a more consistent look & feel. A fresh new default theme is shipping with this release too, that puts blocks to good use and lets all users have more control over how their content appears.
You’ve probably heard that WordPress is open-source software, and may know that it’s created and run by volunteers. WordPress enthusiasts share many examples of how WordPress changed people’s lives for the better. This monthly series shares some of those lesser-known, amazing stories. Meet Kim Parsell We’d like to introduce you to Kim Parsell. Kim was […]
The fourth release candidate for WordPress 5.3 is now available! WordPress 5.3 is currently scheduled to be released on November 12 2019, but we need your help to get there—if you haven’t tried 5.3 yet, now is the time! There are two ways to test the WordPress 5.3 release candidate: Try the WordPress Beta Tester plugin (choose the “bleeding edge […]
[20191002] – Core – Path Disclosure in phputf8 mapping files
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.6.0 – 3.9.12
- Exploit type: Path Disclosure
- Reported Date: 2019-November-01
- Fixed Date: 2019-November-05
- CVE Number: CVE-2019-18674
Description
Missing access check in the phputf8 mapping files could lead to a path disclosure.
Affected Installs
Joomla! CMS versions 3.6.0 – 3.9.12
Solution
Upgrade to version 3.9.13
Contact
The JSST at the Joomla! Security Centre.
[20191001] – Core – CSRF in com_template overrides view
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 3.2.0 – 3.9.12
- Exploit type: CSRF
- Reported Date: 2019-October-10
- Fixed Date: 2019-November-05
- CVE Number: CVE-2019-18650
Description
A missing token check in com_template causes a CSRF vulnerability.
Affected Installs
Joomla! CMS versions 3.2.0 – 3.9.12
Solution
Upgrade to version 3.9.13
Contact
The JSST at the Joomla! Security Centre.
It’s time for our annual user and developer survey! If you’re a WordPress user or professional, we want your feedback. It only takes a few minutes to fill out the survey, which will provide an overview of how people use WordPress. We’re excited to announce that this year, for the first time, the survey is […]
October has been a busy month with preparations for WordCamp US as well as the next major release of WordPress. Read on to find out about all that work and more. WordPress 5.2.4 On October 14, WordPress 5.2.4 was released as a security release fixing 6 security issues. The fixes were backported to earlier versions […]
Sometimes, folks encounter a problem with their website that is hosted on a server using the cPanel hosting platform. When that happens, they often reach out to cPanel customer service or technical support for assistance. It seems logical, right? Your site is on a cPanel server, so cPanel is the obvious place to go for help. However, cPanel only creates the software that hosting providers use as a platform to offer their website hosting services. Most problems …
The third release candidate for WordPress 5.3 is now available! WordPress 5.3 is currently scheduled to be released on November 12 2019, but we need your help to get there—if you haven’t tried 5.3 yet, now is the time! There are two ways to test the WordPress 5.3 release candidate: Try the WordPress Beta Tester plugin (choose the “bleeding edge […]
During the week of November 5th, we are releasing an Autofixer for all servers that are running outdated versions of cPanel & WHM (any version older than Version 78). Affected servers will start updating to cPanel & WHM Version 78. We wanted to take this opportunity to break down precisely what is happening, who is affected, and the benefits of upgrading your servers to supported versions. The Fix is In The Autofixer will update affected servers …
UPDATE: Let’s Encrypt has extended the lifetime of ACMEv1 until November 8th, extending the life of the API for 1 week. November 1st is now a production brownout date, so you may be affected by a loss of service on that date. For further information please read the following: https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430/6 End of life for Let’s Encrypt Legacy, time to update! In August, we shared in a blog post that the Let’s Encrypt original API, ACMEv1, would be …
Empowering Generations of Digital Natives
Technology is changing faster each year. Digital literacy can vary between ages but there are lots of ways different generations can work together and empower each other as digital citizens. No matter whether you’re a parent or caregiver, teacher or mentor, it’s hard to know the best way to teach younger generations the skills needed to […]
The first release candidate for WordPress 5.3 is now available! This is an important milestone as we progress toward the WordPress 5.3 release date. “Release Candidate” means that the new version is ready for release, but with millions of users and thousands of plugins and themes, it’s possible something was missed. WordPress 5.3 is currently […]
Responsible Participation In Online Communities
In our first article in this series, we highlighted the WordPress mission to democratize publishing. WordPress introduced a tool to independent and small publishers who did not have the resources of the larger publishing platforms. Access to a free content management system to create websites has empowered thousands of people to find their voice online. […]
WordPress 5.2.4 is now available! This security release fixes 6 security issues. WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2. Security Updates Props to Evan Ricafort for finding an […]
Becoming Better Digital Citizens Through Open Source
The WordPress Project is on a mission to democratize publishing. As WordPress empowers more people to participate in the digital space, we have the opportunity to make sure that everyone can participate safely and responsibly. Today marks the start of Digital Citizenship Week. We are going to share how open source can be used as […]
DNSSEC Clustering Now Available with PowerDNS
In the event you missed it, we published a blog post back in December of 2018, announcing the deprecation of MyDNS and NSD. Now that PowerDNS has been the choice DNS Management tool of cPanel & WHM for several versions, the request for DNSSEC (Domain Name System Security Extensions) clustering has become even more popular. Well, you’ve been asking for it, and we’re ready to deliver it. Coming with cPanel & WHM Version 84 …
WordPress 5.3 Beta 3 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version. You can test the WordPress 5.3 beta in two ways: Try the WordPress Beta Tester plugin (choose the “bleeding edge nightlies” option) […]
Way back in EasyApache 3, if a user wanted to make updates to their Apache configuration, they would do so by using the Apache distiller to make said changes. As you all know, we’ve moved on from EasyApache 3 to EasyApache 4 and are ever working to improve the functionality and performance of the product. That being said, we are removing the Apache distiller in cPanel & WHM version 84. Let’s break this down. What is a …