Certificate revocation is intended to convey a complete withdrawal of trust in an SSL certificate and thereby protect the people using a site against fraud, eavesdropping, and theft. However, some contemporary browsers handle certificate revocation so carelessly that the most frequent users of a site and even its administrators can continue using a revoked certificate […]
Archive for security
WordPress 3.6 Beta 3
WordPress 3.6 Beta 3 is now available! This is software still in development and we really don’t recommend that you run it on a production site — set up a test site just to play with the new version. To test WordPress 3.6, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip). Beta […]
Early last week, Netcraft blocked a website purporting to offer online support for eBay customers. The website made use of a third-party live chat service provided by Volusion, an e-commerce outfit which also provides both free and premium hosted live chat services. By running a live chat service and asking the right questions, a fraudster […]
As an open source, free software project, WordPress depends on the contributions of hundreds of people from around the globe — contributions in areas like core code, documentation, answering questions in the support forums, translation, and all the other things it takes to make WordPress the best publishing platform it can be, with the most […]
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-February-26
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3059
Description
Inadequate filtering leads to XSS vulnerability in Voting plugin.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.3 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-March-9
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3058
Description
Inadequate filtering allows possibility of XSS exploit in some circumstances.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.3 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: Information Disclosure
- Reported Date: 2013-March-29
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3057
Description
Inadequate permission checking allows unauthorised user to see permission settings in some circumstances.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.3 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-February-15
- Fixed Date: 2013-April-24
- CVE Number: None
Description
Use of old version of Flash-based file uploader leads to XSS vulnerability.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.3 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: Privilege Escalation
- Reported Date: 2013-March-29
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3056
Description
Inadequate permission checking allows unauthorised user to delete private messages.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.3 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: Denial of service vulnerability
- Reported Date: 2013-February-18
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3242
Description
Object unserialize method leads to possible denial of service vulnerability.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.3 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-April-17
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3267
Description
Inadequate filtering leads to XSS vulnerability in highlighter plugin.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.3 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
In honor of the upcoming 10th anniversary celebrations, we’ve put a special 10th anniversary tshirt in the swag store at cost — $10 per shirt plus shipping. They’ll be on sale at this price until the anniversary on May 27, and they’ll start shipping out the week of April 29. Some people who are planning […]
Table columns: Rank, Company site, OS, Outage (hh:mm:ss), Failed Req %, DNS […]
Hot on the heels of recent WordPress attacks, Netcraft has found a phishing attack which uses a script hosted on the official UGG blog at blog.uggaustralia.com. UGG — famous for its sheepskin boots — hosts its WordPress blog with Media Temple but its blog also contains a malicious PHP script which fleeces HSBC customers out […]
Certificate revocation is a critical aspect of maintaining the security of the third-party Certificate Authority (CA) infrastructure which underpins secure communication on the internet using SSL/TLS. A certificate may be worth revoking when it has had its private key compromised, the owner of the certificate no longer controls the domain for which it was issued, […]
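The two revocation excerpts on this page (this one and the first one at the top) describe what revocation is for but not what a client actually does with it. The script below is an added example, not code from the Netcraft articles or from this page: it builds a throwaway CA with the openssl command-line tool, issues a leaf certificate, revokes it, publishes a CRL, and shows that path validation with CRL checking enabled goes from OK to "certificate revoked". The CA name, the hostname www.example.test, the config-file layout and the function names are all made up for the demo; the only real dependency is an installed openssl binary.

```shell
#!/bin/sh
# Added example (not from the page or Netcraft): issue a certificate from a
# throwaway CA, revoke it, publish a CRL, and watch path validation flip from
# OK to "certificate revoked". Only the openssl CLI is used; all material is
# generated in a temp directory. Names (Demo Root CA, www.example.test) are
# made up for the demo.
set -eu

# Create a scratch CA plus one leaf certificate and an (empty) CRL.
# Prints the working directory so the other functions can find the files.
revocation_demo_setup() {
    dir=$(mktemp -d)
    (
        cd "$dir"
        # One config file serves both "openssl req" (CA cert extensions) and
        # "openssl ca" (database, signing key, CRL lifetime). Minimal on purpose.
        cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database         = index.txt
new_certs_dir    = .
certificate      = ca.crt
private_key      = ca.key
default_md       = sha256
default_crl_days = 30
EOF
        : > index.txt                          # empty certificate database
        echo 'unique_subject = no' > index.txt.attr
        # Self-signed root with CA:TRUE and keyCertSign/cRLSign.
        openssl req -config ca.cnf -x509 -newkey rsa:2048 -nodes -sha256 -days 2 \
            -subj '/CN=Demo Root CA' -keyout ca.key -out ca.crt >/dev/null 2>&1
        # Leaf key + CSR, then sign the CSR with the root.
        openssl req -config ca.cnf -new -newkey rsa:2048 -nodes -sha256 \
            -subj '/CN=www.example.test' -keyout leaf.key -out leaf.csr >/dev/null 2>&1
        openssl x509 -req -sha256 -days 1 -in leaf.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -out leaf.crt >/dev/null 2>&1
        # An empty CRL: nothing has been revoked yet.
        openssl ca -config ca.cnf -gencrl -out ca.crl >/dev/null 2>&1
    )
    printf '%s\n' "$dir"
}

# Revoke the leaf (openssl ca adds it to its database on the fly) and publish
# a fresh CRL that lists its serial number.
revoke_leaf() {
    (
        cd "$1"
        openssl ca -config ca.cnf -revoke leaf.crt >/dev/null 2>&1
        openssl ca -config ca.cnf -gencrl -out ca.crl >/dev/null 2>&1
    )
}

# Validate the leaf against the CA *with* CRL checking, the way a careful
# client should. Prints "valid" or "revoked"; any other failure is reported
# verbatim and the function returns non-zero.
check_revocation() {
    if out=$(cd "$1" && openssl verify -crl_check -CAfile ca.crt -CRLfile ca.crl leaf.crt 2>&1); then
        echo valid
        return 0
    fi
    case $out in
        *"certificate revoked"*) echo revoked ;;
        *) echo "unexpected verify failure: $out" >&2; return 1 ;;
    esac
}

# Walk through the full cycle when run directly.
demo_dir=$(revocation_demo_setup)
check_revocation "$demo_dir"     # valid
revoke_leaf "$demo_dir"
check_revocation "$demo_dir"     # revoked
rm -rf "$demo_dir"
```

The second `check_revocation` call fails only because `-crl_check` makes openssl consult the CRL; run the same `openssl verify` without that flag and the revoked certificate still comes back as OK. That is the gap the first excerpt on this page is about: a client that never fetches the CRL (or OCSP response) keeps trusting a certificate whose owner has already withdrawn trust in it.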
As part of Netcraft’s ongoing work in providing anti-fraud and anti-phishing services, we have recently discovered a significant number of Russian language attacks targeting users of popular pieces of software, including well known brands such as Angry Birds. This type of attack can be particularly successful as it exploits a user’s trust in a brand. […]
Save the Date: May 27
What’s on May 27, you ask? May 27, 2013 is the 10th anniversary of the first WordPress release! We think this is worth celebrating, and we want WordPress fans all over the world to celebrate with us by throwing their own parties. We’re using Meetup Everywhere to coordinate, and will be putting up a website […]
WordPress 3.6 Beta 1
WordPress 3.6 Beta 1 is now available! This is software still in development and we really don’t recommend that you run it on a production site — set up a test site just to play with the new version. To test WordPress 3.6, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip). We’ve […]
Mulberry — well known for its luxury fashion accessories — is currently being impersonated by fake online stores which have successfully promoted themselves to the first page of search engine results by planting malign JavaScript on hacked websites.
Over the last few months, the Platform team of maintainers and developers have been talking about future directions. One of our goals for this year is to introduce namespacing. This has been a very large undertaking and as work has progressed, it became obvious that backward compatibility was going to be a constant battle. One of the negative side-effects of this would be that the Joomla CMS wouldn’t be able to use the planned 13.1 release of the Platform for some time if we introduced namespacing in that version.
After a lot of discussion, both internally and with other developers in the community, we have decided to make some changes to the Platform, both to address this problem and to take advantage of some new opportunities.
Bitcoin, a distributed digital currency that cryptographically verifies transactions, has recently seen a large increase in usage: the total value of Bitcoins in circulation is now well over US$1B and each Bitcoin is today worth more than $100. By way of comparison, Gibraltar, a British Overseas Territory and a conventional tax […]
cPanel has published security updates for all supported versions of cPanel & WHM. These updates contain fixes for a problem with the Roundcube webmail application. We recommend all customers update to the latest build of each version as soon as possible. The cPanel Security Team has assigned a rating of …
As part of the normal budgeting process, the Production Leadership Team has come up with six goals for 2013. Those goals concern releases of the Joomla Platform and the Joomla CMS, continuing maintenance updates, and outreach and promotion to a technical audience.
Goal #1: Complete Three Iterations of the Joomla Platform Project.
Our goal is to release at least three new versions of the Joomla Platform in 2013. The timing of releases is not exact and only used for the benefit of planning. As such, we anticipate the following releases this year.
- Platform Release 13.1 on or about 31 March, 2013
- Platform Release 13.2 on or about 30 June, 2013
- Platform Release 13.3 on or about 31 October, 2013
The following sub-goals are also envisioned for the Joomla Platform.
1.1 Define and Ratify the Version and Deprecation Strategy for the Platform.
The release strategy for the Joomla Platform differs a little from the CMS because we generally consider work within a “year” as opposed to work within a particular “version”. However, the system is a little ad hoc and we’d like to bring some clarity to releasing the Joomla Platform. In addition, we aim to ratify the deprecation policy.
1.2 Implement Tools to Assist with Collaboration
We aim to look at tools that can be used to assist people working collaboratively on features within the Joomla Platform, and also help people work out what they can do, be that in the area of development, documentation or even general administrative maintenance. Possible outcomes could include a better policy by which we use Joomla Platform’s issue tracker on Github, or looking at other tools like Jira.
1.3 Introduce Namespacing
We aim, this year, to introduce namespacing to the Joomla Platform and to bring the core source tree in compliance with PSR-1. Doing so will allow the Joomla Platform to be integrated with other PHP projects and give developers using the Joomla Platform more options.
1.4 Lift Code Coverage for Each Package to a Minimum of 50%
We want to challenge the Joomla development community to raise our code quality and, this year, to ensure that all packages in the core platform have no less than 50% code coverage (lines of code).
1.5 Add Complete Documentation for 5 New Packages in the Platform Manual
We want to encourage the Joomla development community to add complete documentation for at least five packages that currently do not have documentation.
Goal #2: Complete two full iterations of the Joomla CMS project.
We will release new versions of the Joomla CMS according to this schedule:
- CMS Release 3.1 in March, 2013
- CMS Release 3.2 in September, 2013
We will use PLT summits to discuss issues regarding the releases, supplemented by virtual meetings. We will examine and discuss ideas from the Joomla Ideas Pool, the Joomla Feature Patch Tracker and other sources. We will use these to announce visions or themes for CMS releases.
To accomplish this, we need volunteer developers, documenters, and translators. We will facilitate Pizza, Bugs and Fun (PBF) events, code and documentation sprints, working group meetings, Student programmes, Roadmap Sessions and other such events.
The following sub-goals are also envisioned for the Joomla CMS.
2.1 Lift Code Coverage for the CMS Libraries to 30%
We want to challenge the Joomla development community to raise our code quality and, this year, to ensure that the CMS libraries (the code found under /libraries/cms) have no less than 30% code coverage (lines of code).
2.1.1 Expand Test Coverage to Additional Code
In addition to unit testing the CMS libraries, unit test coverage should be expanded to other areas of the code, with a future goal of all PHP classes being testable. Prime candidates for unit testing would be the classes in the various /includes folders (application classes) and the FinderIndexer classes (administrator/components/com_finder/helpers/indexer).
2.2 Enforce Joomla Coding Standards in All CMS Files
Presently, the CMS is only enforcing a small subset of the Joomla Coding Standard, and excludes numerous files from being scanned for the various rules. Developers are encouraged to assist in bringing all files in compliance with the Joomla Coding Standards. This recognizes that the Joomla Coding Standard has different rules for alternate syntax in layout files.
2.3 Enforce Test Compliance Pre-Commit
The Joomla! CMS has numerous automated testing tools to assist in maintaining a high quality of code, however, patches to the CMS are not tested for compliance with these tests prior to being merged into the code base. Determine a method to enforce automated test compliance (unit and system testing, code standard compliance) without making the user contribution process more difficult.
Goal #3: Release maintenance updates to the current LTS and STS releases as required.
While the fun part is new features and releases, a major part of our responsibility is to the existing releases. Normal maintenance releases of an existing long term support release will be made until 3 months after the general availability of the next long term support release. Ongoing support of the short term releases continues until a month after a superseding release. The number, timing, and nature of the maintenance releases depends on the circumstances.
The Joomla Bug Squad and the Joomla Security Strike Team are the main volunteers spearheading this effort.
Goal #4: Outreach and promotion of Joomla to a technical audience.
The PLT aims to expand its outreach and promotion of Joomla to technical audiences, both those within and outside the Joomla project. We will do this by attending technical conferences and events, and speaking about current and future development within the project.
Members of the Joomla community will be invited to speak about and promote Joomla at events worldwide.
4.1 Participate in Google Summer of Code program
The Google Summer of Code program 2012 edition was very successful, with several contributions to the Joomla Project (see http://conference.joomla.org/speakers/sessions/session/session/83-joomla-and-google-summer-of-code-2012.html). This year the Joomla Project plans to maintain support of this initiative and encourages the community to actively participate in the program.
4.2 Review and improve developer.joomla.org
We will be asking the development community to help us review the developer.joomla.org site to ensure that information is up-to-date, relevant and accurate. Our aim is that when people have questions about Joomla development, there is an easily found link on developer.joomla.org that they can be directed to that answers their question, or at least directs them to a place where they can find answers.
To do this, we will need a team of volunteers to help identify areas of the site that are missing content and need content modified.
Goal #5: Improve processes in Translating the Joomla Software and support the enhancement of the Joomla CMS multilingual system.
5.1 Support the creation of at least 3 new features on internationalization in Joomla CMS
Support the production teams in implementing improvements in the language areas of the project (“multilingual” and “language packages”). See these examples from 2012:
- News in Languages in Joomla 3.0.3: http://community.joomla.org/blogs/community/1714-languages-in-303-what-is-new.html
- News in Languages in Joomla 3.0.2: http://community.joomla.org/blogs/community/1695-multilanguage-in-302-whats-new.html
5.2: Halve the dedicated time needed by a Translation Team member to provide a language package for Joomla.
In agreement with the Translation Team, dedicate resources on improving processes and tools to automate the creation of translation packages and uploading them to the Joomla Languages Server.
5.3: Meet 3rd party developers needs by translating their Joomla extensions and find ways to improve and cooperate together.
Projects like Facebook (http://www.insidefacebook.com/…), RememberTheMilk (http://www.rememberthemilk.com/…/) and other projects using https://www.transifex.com are taking advantage of their communities in order to localize their software. Joomla is being translated by its community into 64 languages, but there is plenty of space for more languages and more community participation. At the same time, many Joomla 3rd party developers are searching for a solution to how their communities can contribute to the translation of their extensions. It is a goal for 2013 to study and identify common needs between the Joomla project and 3rd party developers interested in joining efforts, in order to plan a solution for increasing international community involvement in the translation of software. Some tools already exist that can be improved: http://extensions.joomla.org/extensions/languages/language-edition/17755
Goal #6: Refine and improve the user contribution process.
Since transitioning from SVN to Git in late 2011, the PLT has recognized that there have been struggles with the contribution process, particularly towards the CMS. Much of this headache exists in the issue/feature tracking processes, which are not connected to GitHub at present. The PLT aims to improve this process in 2013 by investigating ways to improve the existing Joomlacode infrastructure or evaluating the potential of implementing a new tracking system which suits the project requirements and improves the native integration with GitHub.
Community feedback requested
Feedback, comments, and discussion on the 2013 production goals are welcome. In order to facilitate communication, we encourage users to respond with their feedback on this thread on the Joomla General Development mailing list – https://groups.google.com/d/topic/joomla-dev-general/6K-mnKwzC2E/discussion.
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having important security impact. Information on …
Netcraft’s toolbar community has reported a sudden increase in the number of malicious scripts which direct webmail and online banking traffic through rogue proxy servers.
Version 12.3 (“Curiosity”) of the Joomla Platform was tagged and released on 20 December 2012. It is the third release of the 12.x series. In addition to numerous bug fixes and documentation updates, it also brings new features, the main ones being:
- Platform manual converted from DocBook to Markdown to improve readability and enhance contribution.
- Extensive additions to the platform documentation.
- Easier query construction with JDatabaseQuery::format
- Support for composite keys in JTable
- Improvements to the JGitHub API
- Improvements to JLog around excluding categories and features for syslog
- Improved Windows support for testing and building
- PHPMailer updated to 5.2.2
The full list of commits is available at https://github.com/joomla/joomla-platform/commits/12.3 and the API documentation at http://api.joomla.org. The Joomla! Platform Manual is available at http://joomla.github.com/joomla-platform/.
Project size
- Classes: 305 (300 in platform 12.2)
- Methods: 2187 (2136 in platform 12.2)
Summary of code quality
- Check style: 123 warnings (124 in platform 12.2)
- Test Coverage: 39.4% (38.16% in platform 12.2).
If you are a Joomla extension developer, your feedback on a proposed new method of checking extension compatibility with Joomla, before a Joomla upgrade takes place, is needed. This is your chance to influence a major Joomla feature which will stay with us for years to come.
Providing your feedback is very simple. There is a forum thread where you can voice your concerns or express your support. All arguments will be carefully considered. The discussion will be open until 2 January 2013. Now is the time for your voice to be heard.
The Joomla Platform Maintainers would like your feedback about whether, as a community, we want to change the license under which the Joomla Platform is released to the LGPL. It is felt that in moving to the LGPL, we will be able to allow more people to integrate the Joomla Platform with their software solutions, and that will translate to an increase in support for the Joomla project overall.
Please give your feedback via the Joomla Platform LGPL Survey. This survey will remain open until the 2 January 2013. After the feedback is collected and reviewed, we will publish the results in a consolidated form and make a determination about what the next steps, if any, will be.
Please note, the feedback relates only to the license of the Joomla Platform. There is no proposal to change the license of the Joomla CMS.
The Joomla Platform Maintainers thank you in advance for your valued feedback.