An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability
As we greet a new year, WordPress’ Executive Director writes a letter to the project and community that speaks to the hopes of the year ahead.
Have a question you’d like answered? You can submit it to [email protected], either written or as a voice recording.
Credits
- Editor: Dustin Hartzler
- Logo: Beatriz Fialho
- Production: Chloé Bringmann
- Song: Fearless First by Kevin MacLeod
Transcript
Josepha Haden Chomphosy 00:10
Hello, everyone, and welcome to the WordPress Briefing. The podcast where you can catch quick explanations of the ideas behind the WordPress open source project, some insight into the community that supports it, and get a small list of big things coming up in the next two weeks. I’m your host, Josepha Haden Chomphosy. Here we go!
Josepha Haden Chomphosy 00:40
Yesterday marked three years since the WordPress project welcomed me as their executive director. As I start my fourth year, I’ve spent a bit of time considering what the next five years will bring us. WordPress will turn 19 this year, which means that we will soon be a whopping 20 years old; for some of the people who have been with the project since the beginning, that can represent two-thirds of their whole life. And even if you were not that young when you got here, two decades as an open source project is really a cause for celebration.
Josepha Haden Chomphosy 01:10
I am not in that group that has been here forever. I showed up for the first time in 2009, as a community organizer, self-sponsored, and I learned so much about myself as a person and as a leader while I was doing that. So when I arrived as a sponsored contributor in 2015, I already knew exactly what made this work so fulfilling for me was these three things:
Josepha Haden Chomphosy 01:34
First, the ability to lend a hand in those moments where I wish someone had lent a hand.
Josepha Haden Chomphosy 01:40
Second is the delight of seeing people’s first successes and the joy of watching them grow over time.
Josepha Haden Chomphosy 01:48
And the third was a chance to be part of something great, which turned out to be something greater; greater than me or you or a CMS.
Josepha Haden Chomphosy 01:58
This list is still at the heart of what I feel I get out of the WordPress project. But it has also grown substantially in my seven years as a sponsored contributor. I now also love how we as a community of contributors get to foster a better way to lead and a better way to collaborate. And through those things help people find a way to have a better life. Not just through WordPress, the CMS, but through WordPress, the people, and WordPress, the project.
Josepha Haden Chomphosy 02:25
And so when I think of what I want for WordPress in its 19th year, so that we can head with confidence and dignity into our 20th year, it is this:
Josepha Haden Chomphosy 02:35
I want you to remember that you are not alone here. People come together in the world often because of a shared location. But WordPress fosters this beautiful experience of bringing us together because of what we care about. Whether you care about PHP standards, diversity in technology, helping people with their first big wins, making WordPress more secure. I mean, if what you care about is being able to write the most arcane and complex apps on top of WordPress that the world has ever seen. Then there are others out there who want to do that with you, too. We have so many things to connect about. And fortunately, we support a great piece of software for getting our thoughts out in the world. Take some time to see who else shares your thoughts and potentially learn a bit about the view from the other side.
Josepha Haden Chomphosy 03:26
And speaking of the other side, I also want us to approach our discussions as the Us versus the Problem™. WordPress may be 20 years old, and we may stand on the shoulders of giants, but right now, the people who are here you, you are explorers and creators and guides toward the best possible future for WordPress. The tension that we witness between teams is always about the best possible answers for the people who use our software. It is about securing the freedoms of the open web for everyone who comes after us whether they know they need those freedoms or not.
Josepha Haden Chomphosy 04:04
And finally, I want us to expand our reasons for doing this at all. If you are a member of the community of contributors, we frequently talk about how we give back because WordPress gave to us. Or if you are part of a Five for the Future group, you have heard that companies who have experienced success because of WordPress should commit 5% of their resources back to the project to ensure WordPress’ long-term success. But the reason that I keep doing this, and hopefully a new reason for you to keep doing this, is that we can take part in securing opportunities for future users of WordPress.
Josepha Haden Chomphosy 04:42
Yes, I want WordPress to be the best CMS. Yes, I want this community to be vibrant and engaged. Yes, I want WordPress to be a shining beacon of how to work remotely. And I want all of that because I know it is our careful and tireless stewardship of this project that lets us continue to lend a hand in those moments where people wish for someone to lend a hand.
Josepha Haden Chomphosy 05:11
Those are my hopes for WordPress in 2022 to move us forward into WordPress of the future. I hope you all will come with me and we can continue our journey together.
Josepha Haden Chomphosy 05:23
Thanks again for listening. I’m Josepha Haden and this is the WP Briefing. See you again in a couple of weeks.
In the January 2022 survey we received responses from 1,167,715,133 sites across 269,835,071 unique domains and 11,700,892 web-facing computers. This reflects a loss of 1.15 million sites, but a gain of 1.51 million domains and 31,100 computers.
nginx lost 7.33 million sites this month (-1.91%) but continues to be the most commonly used web server with 32.3% of all sites using it. Although nginx’s share has fallen, Apache is still more than eight percentage points behind after losing 3.70 million sites (-1.31%), which has taken its own market share down to 23.9%.
nginx also leads in the domains metric, where it has a share of 26.6% compared with Apache’s 23.9%. This reflects a small reduction in nginx’s share – despite a modest gain of 25,400 domains – while Apache suffered the largest loss of 287,000 domains.
The largest site and domain growth was seen by Pepyaka, which is a web server that has primarily been used by the Wix web development platform since it switched from using nginx in 2018. The number of sites using Pepyaka grew by 4.02 million to 7.30 million this month, while its domain count went up by 1.80 million to 3.30 million.
The next largest domain growth was seen by OpenResty, which gained 686,000 domains this month, and 1.34 million sites in total. The second largest site growth was seen by Microsoft, which gained 2.46 million sites and now accounts for 4.86% of all sites and 5.00% of all domains.
Constraining the view to active sites, Apache is still the most commonly used web server, but its market share has fallen slightly to 23.4% after losing more than half a million active sites this month. Meanwhile, nginx gained 230,000 active sites and has increased its share to 20.2%.
Apache also maintains a slight lead in the top million websites, where it is used by 235,000 sites compared with 222,000 for nginx. However, Cloudflare has increased its presence by a further 4,959 sites and is now not too far behind with a total of 191,000. If this trend continues, Cloudflare could soon overtake both nginx and Apache to become the most commonly used top-million web server.
Looking at web-facing computers, nginx’s strong growth continues unabated. This month it is being used by an additional 32,700 web-facing computers and its market share has increased to 37.7%. Its lead over Apache was further extended by Apache’s loss of 29,100 computers, which sent Apache’s share down to 29.9%.
Vendor news
- Apache 2.4.52 was released on 20 December 2021. This is the latest release from the 2.4.x stable branch and includes two security fixes amongst a host of other changes.
- Apache Tomcat 9.0.56, 10.0.14 and 10.1.0-M8 (alpha) were released on 8 December 2021. Each of these versions includes a fix for a known operating system bug that could cause incoming connections to be reported more than once.
- nginx 1.21.5 was released on 28 December 2021. This is the latest release in the mainline branch of nginx and is now built with the PCRE2 library by default.
- njs 0.7.1 was also released on 28 December 2021. This release includes several bugfixes and some other changes to ensure that njs scripts use the same regular expression library as nginx.
- Microsoft has mitigated an insecure default behaviour in the Azure App Service that inadvertently exposed hundreds of source code repositories. The team that found the vulnerability noted that it had existed since September 2017 and has probably been exploited in the wild. The problem could have impacted PHP, Node, Ruby, Python and Java applications that serve static content, as well as some Azure App Service Linux applications that were deployed using Local Git after files were created or modified in the content root.
- Cloudflare has introduced a new product called Bulk Redirects, which lets website administrators upload and enable large numbers of URL redirects. These were typically implemented with Page Rules before, which are limited to a maximum of 125 redirects.
- OpenResty 1.21.4.1 RC1 was released on 16 December 2021. This version is based on nginx 1.21.4 and adds several new features including support for BoringSSL.
Developer | December 2021 | Percent | January 2022 | Percent | Change |
---|---|---|---|---|---|
nginx | 384,347,394 | 32.88% | 377,019,054 | 32.29% | -0.60 |
Apache | 283,409,491 | 24.25% | 279,709,815 | 23.95% | -0.29 |
OpenResty | 78,902,138 | 6.75% | 80,238,470 | 6.87% | 0.12 |
Cloudflare | 59,904,450 | 5.13% | 60,881,028 | 5.21% | 0.09 |
Developer | December 2021 | Percent | January 2022 | Percent | Change |
---|---|---|---|---|---|
Apache | 47,216,246 | 23.61% | 46,644,962 | 23.44% | -0.17 |
nginx | 39,893,793 | 19.95% | 40,123,740 | 20.16% | 0.22 |
 | 19,110,508 | 9.55% | 19,230,425 | 9.66% | 0.11 |
Cloudflare | 19,249,127 | 9.62% | 19,139,496 | 9.62% | -0.01 |
For more information see Active Sites
Developer | December 2021 | Percent | January 2022 | Percent | Change |
---|---|---|---|---|---|
Apache | 237,633 | 23.76% | 234,798 | 23.48% | -0.28 |
nginx | 222,253 | 22.23% | 221,637 | 22.16% | -0.06 |
Cloudflare | 185,945 | 18.59% | 190,904 | 19.09% | 0.50 |
Microsoft | 61,460 | 6.15% | 60,435 | 6.04% | -0.10 |
Developer | December 2021 | Percent | January 2022 | Percent | Change |
---|---|---|---|---|---|
nginx | 4,374,721 | 37.49% | 4,407,419 | 37.67% | 0.18 |
Apache | 3,525,367 | 30.21% | 3,496,312 | 29.88% | -0.33 |
Microsoft | 1,351,666 | 11.58% | 1,365,985 | 11.67% | 0.09 |
Developer | December 2021 | Percent | January 2022 | Percent | Change |
---|---|---|---|---|---|
nginx | 71,698,143 | 26.72% | 71,723,527 | 26.58% | -0.14 |
Apache | 64,739,258 | 24.13% | 64,452,169 | 23.89% | -0.24 |
OpenResty | 39,651,221 | 14.78% | 40,336,851 | 14.95% | 0.17 |
Cloudflare | 22,242,224 | 8.29% | 22,466,034 | 8.33% | 0.04 |
Update to 1.12.3
Fixes these two security issues:
- CVE-2021-43860 or https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j
- CVE-2022-21682 or https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
Full release notes: https://github.com/flatpak/flatpak/releases/tag/1.12.3
- kombu 5.2.3: https://github.com/celery/kombu/blob/master/Changelog.rst#523
- celery 5.2.3: https://github.com/celery/celery/blob/master/Changelog.rst#523