The length of an RSA public key gives an indication of the strength of the encryption — the shorter the public key is, the easier it is for an attacker to brute-force. An attacker, armed with a compromised private key derived from a short public key, would be able to decrypt both past and future […]
Archive for security
WordPress 3.4.2, now available for download, is a maintenance and security release for all previous versions. After nearly 15 million downloads since 3.4 was released not three months ago, we’ve identified and fixed a number of nagging bugs, including: Fix some issues with older browsers in the administration area. Fix an issue where a theme […]
More than a thousand websites – including several government sites – are still using SSL certificates with weak signature algorithms.
Over the years the Internet community has been taught that one of the key steps in protecting their personal information on the Internet is to ensure that it is entered only over an encrypted connection, perhaps by looking for the lock symbol in the browser address bar or web addresses beginning with https://. As a […]
Event Organizers Unite!
I’m happy to announce the formation of a new official contributor group within the WordPress project for the organizers of in-person events that promote WordPress. Though there are hundreds of people around the globe organizing WordCamps, WordPress meetups, hackathons, free classes and the like, since their “projects” were all happening locally there was never a […]
WordPress 3.4.1 is now available for download. WordPress 3.4 has been a very smooth release, and copies are flying off the shelf — 3 million downloads in two weeks! This maintenance release addresses 18 bugs with version 3.4, including: Fixes an issue where a theme’s page templates were sometimes not detected. Addresses problems with some category permalink […]
- Project: Joomla!
- SubProject: All
- Severity: Medium High
- Versions: 2.5.4 and all earlier 2.5.x versions
- Exploit type: Privilege Escalation
- Reported Date: 2012-April-29
- Fixed Date: 2012-June-18
Description
Inadequate checking leads to possible user privilege escalation.
Affected Installs
Joomla! versions 2.5.4 and all earlier 2.5.x versions
Solution
Upgrade to version 2.5.5
Reported by Nils Rückmann
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.4 and all earlier 2.5.x versions
- Exploit type: Information Disclosure
- Reported Date: 2012-May-1
- Fixed Date: 2012-June-18
Description
Inadequate filtering leads to SQL error and information disclosure.
Affected Installs
Joomla! versions 2.5.4 and all earlier 2.5.x versions
Solution
Upgrade to version 2.5.5
Reported by Jakub Galczyk
Contact
The JSST at the Joomla! Security Center.
The information in this post is about a project in motion. The final delivery may differ from what is discussed here, especially as we consider the feedback you have. Our last article discussed changing from compile-on-demand to delivery of pre-compiled…
WordPress 3.4 “Green”
WordPress 3.4 is here and out the door. We’ve dubbed this release “Green” in honor of guitarist Grant Green whose soulful simplicity has kept many of us company during this release. This release includes significant improvements to theme customization, custom headers, Twitter embeds, and image captions — here’s a short clip with the highlights: For […]
The third release candidate for WordPress 3.4 is now available. Since RC2, we’ve fixed a few lingering issues with the new live preview feature, as well as with custom headers and backgrounds. There are no remaining issues, and we plan to release 3.4 in the coming days. But if you think you’ve found a bug, […]
The second release candidate for WordPress 3.4 is now available. Since RC1, we’ve made a few dozen final changes. Our goal is to release WordPress 3.4 early next week, so plugin and theme authors, this is likely your last chance to test your plugins and themes to find any compatibility issues before the final release. […]
For many years installing and using cPanel & WHM has involved compiling software on-demand. Want Apache and PHP? Run /scripts/easyapache, which builds those and all dependencies from source. Want perl installed? Download and run the perl installer from httpupdate.cpanel.net, which…
With cPanel & WHM 11.28 the ability for server owners to provide custom webmail applications was introduced. To demonstrate this feature we introduced the Atmail Open plugin. Recently Atmail Inc., the creators of Atmail Open, decided to no longer provide…
The following disclosure covers the Targeted Security Release 2012-05-31. Each vulnerability is assigned an internal case number which is reflected below. Information regarding cPanel’s Security Level rankings can be found here: http://go.cpanel.net/securitylevels Case 59634 Summary Arbitrary File Write vulnerability in…
cPanel is pleased to announce the release of cPanel & WHM 11.32.3.19 to the RELEASE tier. This monumental release comes from a new development style; focusing on delivering resolution to cases as soon as possible instead of waiting for the next…
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. If your…
The first release candidate (RC1) for WordPress 3.4 is now available. If you haven’t tested WordPress 3.4 yet, now is the time!
cPanel is very excited about the HostingCon debut of cPanel University! cPanel University is a cPanel Certification that you can use to brag about how much you know about cPanel & WHM. That is if you can pass. We don’t…
Been hanging out with a few WordPress.org hackers — Scott, Nacin, and Otto — the last few days in a BBQ-fueled haze of hacking to make plugin directory better. There are over 19,000 plugins listed and they’re really the heart and soul of WordPress for many people, so they deserve a little tender loving care. […]
You may have heard the news that future releases of cPanel & WHM will include SEO and Marketing Tools by Attracta. With over 2 million websites running SEO and Marketing Tools, Attracta makes the world’s most popular SEO Tools. cPanel…
Each year, the WordPress core development team meets in person for a week to work together and discuss the vision for WordPress in the coming year. As annual events go, it’s easily my favorite. Don’t get me wrong, I love attending WordCamps and local WordPress meetups (which are awesome and you should try to attend […]
cPanel & WHM servers using the default cPanel PHP CGI configuration are not vulnerable to the command line switch vulnerability. A recently disclosed flaw in PHP’s CGI implementation allows malicious users to remotely view and execute source code. The exploit…
EasyApache 3.12 improves CloudLinux’s mod_hostinglimits, mod_mono compatibility on CentOS 4, and mod_ruid2 to suPHP support
We are excited to announce the release of EasyApache 3.12. The latest version provides numerous updates. CloudLinux’s mod_hostinglimits has been updated to 0.9-5. This will…
WordPress 3.3.2 is available now and is a security update for all previous versions. Three external libraries included in WordPress received security updates: Plupload (version 1.5.4), which WordPress uses for uploading media. SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins. SWFObject, which WordPress previously used to embed […]
As you may already know, we have been working hard to release 11.32.2 in our production tiers. It is currently available in EDGE, CURRENT, and RELEASE tiers. Currently over half of cPanel & WHM installs are running 11.32.2. This release…
WordPress 3.4 Beta 2
Howdy, folks! Another week, another beta. Since we released Beta 1 last week, we’ve committed more than 60 bug fixes and feature adjustments based on testing and feedback. If you’ve been testing Beta 1, please update to Beta 2 to make sure things are still working for you. If you are a theme or plugin […]
I see a lot of sites get hacked a ton of different ways. This is a topic that could go on for days. There are 3 major ways that sites get hacked: bad passwords, insecure permissions, out of date software. […]
Houston, TX — cPanel & WHM version 11.32, which released today to the RELEASE tier, offers numerous updates, including enhancements to mail functionality and login screens. It also officially supports DKIM and includes the Logaholic web analytics application. This latest…