A new maintenance release of the popular Content Management System (CMS) software WordPress includes fixes for forty-seven issues. None of the fixes are related to security, but since this is a minor update, most WordPress sites will automatically update themselves. The release notes for WordPress 4.7.4 list all the changes.
If you manage any WordPress web sites, you should make sure that they are now running version 4.7.3. The new version addresses six security vulnerabilities, and includes about forty other minor changes.
Most WordPress sites are configured to install security updates like this automatically, but it’s a good idea to check.
Most WordPress sites are configured to automatically update themselves when a new version becomes available. Still, anyone who manages any WordPress sites should make sure they are up to date with version 4.7.2, released yesterday.
WordPress 4.7.2 addresses three serious security vulnerabilities. You can find all the details in the release announcement.
Update 2017Feb02: Apparently WordPress 4.7.2 included a fix for a fourth security vulnerability, which wasn’t announced until February 2. The vulnerability is so severe that the WordPress developers didn’t want to risk anyone knowing about it until the majority of WordPress sites were updated.
A new version of WordPress includes fixes for eight serious security issues and at least sixty-two other bugs.
Most WordPress sites will update themselves automatically, but site operators should check to make sure, as some sites will be slower to update than others.
The release notes for WordPress 4.7.1 provide additional details.
Anyone who operates a web site based on the Joomla CMS (Content Management System) should drop what they’re doing and update Joomla to the new version, 3.6.5.
Joomla 3.6.5 addresses three security vulnerabilities, adds miscellaneous security hardening and includes three additional bug fixes. The release announcement provides additional details.
Joomla 3.6.4, released on October 25, addresses two critical security vulnerabilities that could allow an attacker to gain control of a Joomla-based web site.
Like WordPress, Joomla forms the basis of numerous web sites, because it’s easy to set up and manage. Its popularity and ease of use have of course also made Joomla a target for malicious hackers, who know that many Joomla sites are not kept up to date by their inexperienced owners.
If you manage a Joomla 3+ web site, please install this update as soon as possible. It’s very likely that attackers are already searching the web for vulnerable sites. Unless of course you want your site to be part of a botnet (which may sound cool, but really isn’t).
WordPress sites that are configured to install minor updates automatically should be auto-upgraded to version 4.6.1 in the next few days, but anyone who manages a WordPress site should immediately verify this, and install the update manually if it’s not already running 4.6.1.
The latest version of Joomla is causing problems for web servers running older versions of PHP. Affected Joomla sites are still accessible, but users and administrators are unable to log in.
An announcement on the Joomla web site, and another in the Joomla documentation, provide details and workarounds for problems caused by the update, but web servers running PHP 5.3 won’t find them particularly helpful. If you administer a web server running PHP 5.3, the solution is to either wait for Joomla 3.6.2, or make some changes to a single Joomla file, as outlined in this fix on GitHub.
In case you’re wondering why any diligent web server administrator would still be running a version of PHP that is known to be insecure, what’s actually going on in most cases is that the admin is running a custom build of PHP that has had all relevant security fixes applied. For example, these custom builds of PHP are provided for Ubuntu LTS (Long Term Support) releases to allow for maximum security and stability.
Update 2016Aug05: That was fast. Joomla 3.6.2 is now available, and it fixes the PHP 5.3 compatibility issue.
WordPress sites that are configured for automatic updates should be running version 4.5.3 by now. However, it’s still a good idea to make sure, because the auto-update system isn’t perfectly reliable.
WordPress 4.5.3 addresses several critical security vulnerabilities found in previous versions. It also fixes at least seventeen other bugs.
A serious security vulnerability is addressed in the latest release of WordPress, version 4.5.2. Anyone who manages a WordPress site is strongly advised to update to the new version immediately, or – if auto-updates are enabled – at least log in and make sure that the update was actually installed.