No Image

XE 1.8.12 RELEASE

2015-10-21 KENNETH 0

출처 : https://www.xpressengine.com/devlog/23092863 다운로드 : https://www.xpressengine.com/index.php?mid=download&package_id=18325662 XE 1.8.12 버전이 업데이트 되었습니다.   변경 내역 Security #1783 허용되지 않은 방식으로 act를 실행할 수 있는 문제 고침 @YJSoft POST 요청에 대한 CSRF 방어 @bnu Defect #1756 잘못된 autoload 경로 문제 고침 @kijin #1704 PHP7 환경에서 발생하는 문제 고침 @YJSoft Enhancement #1759 fileController::procFileImageResize() 함수의 $output 변수 초기화 @YJSoft #1742 CKEditor 버전 업데이트 @YJSoft #1689 커뮤니케이션 모듈의 기본 에디터를 CKEditor로 변경 @dorami Etc #1744 주석 오타 수정 defaul -> default @qkrcjfgus33 #1749 오타수정 @qkrcjfgus33

MariaDB 10.1 is stable GA

2015-10-21 KENNETH 0

출처 : https://blog.mariadb.org/mariadb-10-1-is-stable-ga/ With the release of 10.1.8, MariaDB takes a next step. MariaDB 10.1 is now considered a stable release. MariaDB 10.1 has a couple of main themes: Security High Availability Scalability During the last few years there have been many request for more security features in MariaDB. Actually it’s a trend in general. Since open source software is getting more attractive all the time, more functionality is wanted in areas where proprietary software typically has been leading. This is especially true for databases. In addition data privacy is a very hot topic. The big new thing in security for MariaDB 10.1 is a complete data at rest encryption solution. The encryption that now is in use originates from Google’s encryption patch. It has now been migrated into MariaDB 10.1. The solution is fairly advanced, encrypting the actual data files [ more… ]

No Image

Microsoft Bounty Programs Expansion – .NET Core and ASP.NET Beta Bounty

2015-10-21 KENNETH 0

Today, I have another exciting expansion of the Microsoft Bounty Programs to announce. Please visit https://aka.ms/bugbounty to find out more. I’ll be discussing this new bounty in my talk at SyScan360 on October 21, 2015. We are delighted to offer a bounty for the .NET Core and ASP.NET Beta which Microsoft released earlier this month. .NET and ASP.NET represent critical building blocks in the Visual Studio Development Suite. This bounty is particularly interesting because the libraries and functions included in .NET enable developers to write their own programs with great security and stability, increasingly on many Operating Systems. This will extend to all supported platforms, initially including Linux and OS X, with some current exclusions to non-Windows platforms. You can find more information in the FAQs, .NET program terms and the .NET team’s blog. The highlights are as follows: .NET Core and ASP.NET Beta 8 and [ more… ]

No Image

Microsoft Bounty Programs Expansion – .NET Core and ASP.NET Beta Bounty

2015-10-20 KENNETH 0

Microsoft Bounty Programs Expansion – .NET Core and ASP.NET Beta Bounty Today, I have another exciting expansion of the Microsoft Bounty Programs to announce. Please visit https://aka.ms/bugbounty to find out more. I’ll be discussing this new bounty in my talk at SyScan360 on October 21, 2015. We are delighted to offer a bounty for the .NET Core and ASP.NET Beta which Microsoft released earlier this month. .NET and ASP.NET represent critical building blocks in the Visual Studio Development Suite. This bounty is particularly interesting because the libraries and functions included in .NET enable developers to write their own programs with great security and stability, increasingly on many Operating Systems. This will extend to all supported platforms, initially including Linux and OS X, with some current exclusions to non-Windows platforms. You can find more information in the FAQs, .NET program terms and the .NET team’s blog. The [ more… ]

No Image

MS15-107 – Important: Cumulative Security Update for Microsoft Edge (3096448) – Version: 1.1

2015-10-16 KENNETH 0

Severity Rating: ImportantRevision Note: V1.1 (October 16, 2015): Bulletin revised to announce a detection change in the 3097617 cumulative update for Windows 10. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow information disclosure if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Source: ms-security