Hot on the heels of Joomla 3.7.1, here’s 3.7.2. This version fixes a few bugs that were introduced in Joomla 3.7.1 and includes a few other minor tweaks. None of the changes are security-related.
There’s a new version of Joomla that addresses a critical security issue in version 3.7.0 and earlier. Anyone who manages Joomla web sites should update those sites immediately. Joomla 3.7.1 also includes a handful of non-security bug fixes.
A new version of WordPress repairs six vulnerabilities in earlier versions. Most WordPress sites are configured to automatically update themselves, but if you manage any WordPress sites, you should make sure they’re all up to date.
WordPress is the current king of Content Management Systems, but there are others, including Joomla. Web sites built on popular CMS software are enticing targets for malicious hackers, because the people who manage such sites often lack the skills to keep them secure. Keeping a CMS-based site secure mainly involves keeping the CMS software up to date.
Joomla 3.7 — released yesterday — includes over 700 improvements, eight of which are related to security. Several of the security vulnerabilities addressed affect versions of Joomla going back to 1.5 and 2.5.
Joomla 1.0 through 2.5 are no longer supported. If you’re running a site that uses those older versions of Joomla, you should upgrade to 3.7 as soon as possible, as the site is otherwise likely to be hacked.
If you run a Joomla 3.x site, you should update it to 3.7 as soon as possible. If your site currently runs Joomla 3.6.x, it’s a single click update, so there’s no excuse not to do it.
A new maintenance release of the popular Content Management System (CMS) software WordPress includes fixes for forty-seven issues. None of the fixes are related to security, but since this is a minor update, most WordPress sites will automatically update themselves. The release notes for WordPress 4.7.4 list all the changes.
If you manage any WordPress web sites, you should make sure that they are now running version 4.7.3. The new version addresses six security vulnerabilities, and includes about forty other minor changes.
Most WordPress sites are configured to install security updates like this automatically, but it’s a good a idea to check.
Most WordPress sites are configured to automatically update themselves when a new version becomes available. Still, anyone who manages any WordPress sites should make sure they are up to date with version 4.7.2, released yesterday.
WordPress 4.7.2 addresses three serious security vulnerabilities. You can find all the details in the release announcement.
Update 2017Feb02: Apparently WordPress 4.7.2 included a fix for a fourth security vulnerability, which wasn’t announced until February 2. The vulnerability is so severe that the WordPress developers didn’t want to risk anyone knowing about it until the majority of WordPress sites were updated.
A new version of WordPress includes fixes for eight serious security issues and at least sixty-two other bugs.
Most WordPress sites will update themselves automatically, but site operators should check to make sure, as some sites will be slower to update than others.
The release notes for WordPress 4.7.1 provide additional details.
Anyone who operates a web site based on the Joomla CMS (Content Management System) should drop what they’re doing and update Joomla to the new version, 3.6.5.
Joomla 3.6.5 addresses three security vulnerabilities, adds miscellaneous security hardening and includes three additional bug fixes. The release announcement provides additional details.
Joomla 3.6.4, released on October 25, addresses two critical security vulnerabilities that could allow an attacker to gain control of a Joomla-based web site.
Like WordPress, Joomla forms the basis of numerous web sites, because it’s easy to set up and manage. Its popularity and ease of use have of course also made Joomla a target for malicious hackers, who know that many Joomla sites are not kept up to date by their inexperienced owners.
If you manage a Joomla 3+ web site, please install this update as soon as possible. It’s very likely that attackers are already searching the web for vulnerable sites. Unless of course you want your site to be part of a botnet (which may sound cool, but really isn’t).