Category Archives: Patches and updates

Opera 21

The latest WebKit-based Opera is version 21.0.1432.57. There’s nothing much of interest in this new version, with the major change being the use of ‘Aura’, an improved desktop window manager that’s also part of the toolkit used by Google for its Chromium O/S and Chrome web browser.

There’s still no sidebar, which makes one wonder whether Opera will ever recover its former full-featured glory. The developers keep insisting that they will add missing features back to the browser, but if they’re pushing out major releases with nothing changed except a slightly faster user interface, it seems they are concentrating on the wrong things.

There are apparently no security fixes in this version.

Microsoft issues special update for Internet Explorer

We recently reported on a serious vulnerability affecting all versions of Internet Explorer that is being exploited on the web.

Well, it appears that Microsoft sees this vulnerability as very serious, because they are planning to release an update – later today – that addresses the problem. This is an ‘out-of-band’ update, meaning that it’s considered too important to wait for the next Patch Tuesday.

Just in case you were wondering, this vulnerability affects all versions of Internet Explorer on all versions of Windows, including Windows XP. But the patch will not be made available for Windows XP computers.

Update 2014May02: Surprisingly, Microsoft has decided to make this update available for Windows XP. I confirmed this by running Microsoft Update on my WinXP test system: security update 2964358 was offered, and I installed it without any difficulties. Reading through the associated bulletin (MS14-021) there is no explanation for this decision, but there is confirmation, in the section titled “Security Update Deployment – Windows XP (all editions)”, and in a related post on the MSRC blog. The Verge has additional details, as does Ars Technica. The Ars Technica post includes the official explanation from Microsoft:

Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we’ve decided to provide an update for all versions of Windows XP (including embedded) today. We made this exception based on the proximity to the end of support for Windows XP. The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown. Unfortunately this is a sign of the times and this is not to say we don’t take these reports seriously. We absolutely do.

Update 2014May02: Another Ars Technica post makes the argument that releasing a patch for Windows XP was a mistake. The moment of truth will be Patch Tuesday for May 2014: will Microsoft stick to its guns and leave Windows XP out of the next set of patches?

Firefox 29 released

Another new version of Firefox was announced on April 29.

Version 29 is touted by Mozilla as ‘elegant’ and ‘the most customizable’ Firefox ever, but there’s been a lot of noise on the web from people who are unhappy with the user interface changes.

It’s not really clear why many major browser developers are trying to make their browser look exactly like Google’s Chrome, but that does seem to be what’s happening. A few months ago, Opera chucked their browser engine in favour of WebKit, with the result being that Opera is now almost indistinguishable from Chrome. Mozilla hasn’t gone that far: their browser engine hasn’t changed, but in terms of appearance, Firefox now looks a lot more like Chrome. Perhaps they think that if Firefox looks like Chrome, users won’t realize they’re not actually using Chrome.

Has anyone done any actual usability studies on these UI elements that are now so popular among developers, like rounded corners on everything? Do rounded corners make people more productive? I doubt it. Another example is Firefox 29’s tab bar, which (besides having those awesome rounded corners we should apparently care so much about) now makes unselected tabs fade out so that they are hardly visible. How is this a good thing? Mozilla seems to think that being able to read what’s on those unselected tabs is a major distraction. Nope.

As for Firefox 29 being more customizable, I beg to differ. I was previously able to open and close the bookmark toolbar with a single click of a toolbar icon. That icon is nowhere to be seen in Firefox 29. Instead, I now have to click the ‘Show your bookmarks’ icon, then click ‘View bookmarks sidebar’. This is progress?

The release notes page for Firefox 29 lists several new features and changes, none of which are particularly useful or interesting.

The best thing about Firefox 29, in my opinion, is that web site favicons – those little icons that appear next to the page title in the tab bar and desktop shortcuts – now seem to work reliably. Previous Firefox versions had a lot of trouble with some favicons.

Several security issues were fixed in version 29, so even if you think you’ll hate the new UI, you should probably upgrade anyway.

On a related note, despite my having diligently reported my problems with the Firefox release notes pages (bug #973335) and version announcement pages (bug #973330), Mozilla has done nothing to improve them, as you can see from the pages for Firefox 29.

Ars Technica has their own review of the changes in Firefox 29.

Adobe releases Flash 13.0.0.206

A new version of Flash, announced earlier today, addresses several security vulnerabilities, one of which (CVE-2014-0515) is being actively exploited on the Internet.

As with most Flash vulnerabilities, Adobe says that the ones addressed in this update “could potentially allow an attacker to take control of the affected system.”

The security bulletin associated with this update provides additional details regarding the security fixes.

Google Chrome will auto-update with the new version of embedded Flash, and Internet Explorer on Windows 8.x will receive Flash updates via Windows Update.

Anyone using Flash in a web browser should install the new version of Flash as soon as possible.

Opera 12.17 fixes Heartbleed vulnerabilities

It looks like the Opera team is planning to keep the classic version of Opera (version 12.x) alive and secure – at least for now.

An update to the pre-WebKit version of Opera was announced yesterday. The new version addresses two Heartbleed vulnerabilities in the update software.

Note that this update is for Windows only. Mac and Linux versions are unaffected.

There doesn’t seem to be a release notes page for this version. The main change log page doesn’t even list version 12.17.

Why Windows 8.1 Update 1 is ‘required’

We recently wrote about the release of Update 1 for Windows 8.1.

In that post, we noted that Microsoft was making this update mandatory for all subsequent security updates, and wondered why they would do that. Apparently we weren’t the only ones, and there was enough angry feedback that Microsoft extended the period during which Windows 8.1 systems without Update 1 could continue receiving security updates, from 30 days to 120.

But why add this kind of limitation at all?

Ars Technica may have the answer to that question. We previously wondered why Microsoft wasn’t simply labeling Update 1 as ‘Service Pack 1’, in keeping with their long-established practices. The answer is simple: Microsoft sees what Apple, Google, and other O/S developers are doing, and they want to do the same.

Anyone who owns a Mac knows that Apple’s support for previous versions of OS X is extremely limited. If you want to keep running that old version of OS X, you’re going to have problems, and you won’t have any recourse except to bite the bullet and upgrade. Often, that also means upgrading the hardware. While this is clearly a consumer-hostile stance, it’s easy to understand. Apple saves an enormous amount of money and effort that would otherwise be spent on supporting old versions, developing updates for multiple O/S versions, and so on.

It appears that Microsoft has finally started down the path away from backward-compatibility and support for old versions of Windows. This is both a good and a bad thing. Backward compatibility is why so many people still run Windows XP: why upgrade your O/S if it suits your purposes and can still be kept reasonably secure? But it’s also the source of many problems.

Moving to a more restricted update system in Windows 8.x looks like the first step in a general trend towards the less consumer-friendly model used by Apple and others. And if that’s true, we can expect more moves like this in Microsoft’s future. Which is sad, but probably inevitable.

WordPress updates

WordPress 3.8.3 was released on April 14, and WordPress sites with Auto Updates enabled should have been silently updated. In some cases, the 3.8.3 update may not have had time to auto-update before WordPress 3.9 became available yesterday.

WordPress 3.8.3 fixes a minor bug that was introduced in the previous release, 3.8.2.

WordPress 3.9 makes several significant changes to the handling of media files, and makes it a bit easier for developers to experiment with widgets.

Neither release apparently includes any security fixes.

Oracle Critical Patch Update fixes 37 issues in Java

Oracle just announced a huge batch of Critical Patch Updates, including 37 updates for Java.

The updates affect all supported versions of Java, including Java 7 (7u55) and the recently-released Java 8 (8u5).

Oracle has clarified their position on the adoption of Java 8 in a special FAQ for version 8. According to that page, “The new release of Java is first made available to developers to ensure no major problems are found before we make it available on the java.com website for end users to download.”

So until Oracle decides that Java 8 is ready for general use, the main Java download page will still offer Java 7 as the ‘most recent’ version. Java 8 can be downloaded from the Oracle Java SE downloads page.

We recommend installing the latest version of Java 7 (7u55) unless you’re interested in testing your Java applications with Java 8, in which case you should install Java 8 Update 5.