Website Security Checkup – May 2017
Keeping your website software up to date is probably the single most important step for a secure website. Out of date software can make it easier for hackers to find ways to break into your website. For more information, see Software Maintenance & Website Security.
WordPress & Joomla Release Summary
Current release: 4.7.5 – NEW SECURITY RELEASE – Release date: May 16, 2017
More WordPress info
Quick overview of v4.7.5:
This release contains 6 security fixes and 3 maintenance fixes. The security issues are:
- Insufficient redirect validation in the HTTP class.
- Improper handling of post meta data values in the XML-RPC API.
- Lack of capability checks for post meta data in the XML-RPC API.
- A Cross Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog.
- A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files.
- A cross-site scripting (XSS) vulnerability was discovered related to the Customizer.
Next scheduled release: 4.8, June 8, 2017
Current release: 3.7.2 – NEW – Release date: May 23, 2017
Previous release: 3.7.1 – SECURITY RELEASE – Release date: May 17, 2017
More Joomla info
Quick overview of release 3.7.2:
- This release fixes some bugs in file mime checks, module page filtering as well as some other bugs and several other minor improvements.
Quick overview of release 3.7.1:
- This release address a critical security issue as well as several bugs.
- Security issue fixed is: High Priority – Core – SQL Injection (affecting Joomla! 3.7.0)
Next scheduled release: 3.8.0, 3rd Quarter 2017
SECURITY RELEASE means that security vulnerabilities have been found in the software and will be fixed by this release. To protect your site from hackers and malware, you should update to this release as soon as possible.
Trackback from your site.