Ike.ninja

It’s very common these days for hosting providers to offer cloud-based hosting solutions to their customers. In configuring these servers ourselves, and in interactions with our customers’ servers, an issue has come to our attention where the dhclient script does not preserve locally-configured hostnames. This means that hostnames configured on the command line might not remain through a reboot. We wante to provide a workaround solution for this while continuing to investigate a more permanent, long-term solution. What …

WordPress 5.0.1 is now available. This is a security release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. Plugin authors are encouraged to read the 5.0.1 developer notes for information on backwards-compatibility. WordPress versions 5.0 and earlier are affected by the following bugs, which are fixed in version […]

Say Hello to the New Editor We’ve made some big upgrades to the editor. Our new block-based editor is the first step toward an exciting new future with a streamlined editing experience across your site. You’ll have more flexibility with how content is displayed, whether you are building your first site, revamping your blog, or […]

WordPress 5.0 is almost ready for release, including an all-new content editing experience. Volunteers all across the project are gearing up for the launch and making sure everything is ready. Read on to find out what’s been happening and how you can get involved. WordPress 5.0 Close to Launch The release date for WordPress 5.0 […]

The first release candidate for WordPress 5.0 is now available! This is an important milestone, as we near the release of WordPress 5.0. The WordPress 5.0 release date has shifted from the 27th to give more time for the RC to be fully tested. A final release date will be announced soon, based on feedback on […]

WordPress 5.0 Beta 5 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version. There are two ways to test this WordPress 5.0 Beta: try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”), or […]

WordPress 5.0 Beta 4 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version. There are two ways to test the WordPress 5.0 Beta: try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”), or […]

To keep everyone aware of big projects and efforts across WordPress contributor teams, I’ve reached out to each team’s listed representatives. I asked each of them to share their Top Priority (and when they hope for it to be completed), as well as their biggest Wins and Worries. Have questions? I’ve included a link to […]

WordPress 5.0 Beta 2 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version. There are two ways to test the WordPress 5.0 Beta: try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”), or […]

If you’ve ever logged in to WHM as a root-level user, you’ve assuredly seen a box with a notification of a new or improved feature. This dialogue box is known as the “Feature Showcase,” and has allowed us at cPanel to present information about changes to cPanel & WHM. Since its creation, the Feature Showcase was only available for use by cPanel. However, we’ve made some changes to the functionality of the Feature Showcase …

• Project: Joomla!
• SubProject: CMS
• Impact: Moderate
• Severity: Low
• Versions: 2.5.0 through 3.8.12
• Exploit type: CSRF
• Reported Date: 2018-September-26
• Fixed Date: 2018-October-02
• CVE Number: CVE-2018-17858

Description

Added additional CSRF hardening in com_installer actions in the backend.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.8.12

Solution

Upgrade to version 3.8.13

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: CMS
• Impact: Moderate
• Severity: Low
• Versions: 3.1.0 through 3.8.12
• Exploit type: ACL Violation
• Reported Date: 2018-June-20
• Fixed Date: 2018-October-02
• CVE Number: CVE-2018-17857

Description

Inadequate checks on the tags search fields can lead to an access level violation.

Affected Installs

Joomla! CMS versions 3.1.0 through 3.8.12

Solution

Upgrade to version 3.8.13

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: CMS
• Impact: Moderate
• Severity: Low
• Versions: 2.5.0 through 3.8.12
• Exploit type: Incorrect Access Control
• Reported Date: 2018-September-17
• Fixed Date: 2018-October-02
• CVE Number: CVE-2018-17859

Description

Inadequate checks in com_contact could allowed mail submission in disabled forms.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.8.12

Solution

Upgrade to version 3.8.13

Contact

The JSST at the Joomla! Security Centre.

Today is the first day of the 2018 cPanel Conference. We’re in the middle of setting everything up right now, getting ready to open up conference check-in and registration, and anticipating tonight’s networking party at Chapman and Kirby. We’ve spent the last 12 months planning this year’s conference, and we are ready to rock! Return of the Lab! This year the cPanel Lab is returning. In case you are unfamiliar, the cPanel Lab is a collection of …

There are a lot of things we are looking forward to at this year’s conference. Engaging talks, fantastic networking sessions, super cool swag, and of course, some of the best evening events in the industry. We are bringing it back to our hometown of Houston, TX and we cannot wait to give you the grand tour! We have so much in store for our attendees that we’ve put together this checklist. By the time you all …