No Image

XE 1.8.14 RELEASE

2015-11-11 KENNETH 0

출처 : https://www.xpressengine.com/devlog/23100799 다운로드 : https://www.xpressengine.com/index.php?mid=download&package_id=18325662 XE 1.8.14 버전이 릴리즈 되었습니다.   변경 내역 Secutiry #1796 에디터 컴포넌트와 위젯의 스타일을 이용한 XSS 문제 고침 @YJSoft 한국인터넷진흥원에서 알려주셨습니다 Defect #1780 SSL 선택적 사용시 XEDITION 레이아웃의 로그인 팝업에 SSL이 적용되지 않>는 문제 수정 @kijin #1795 선택적SSL설정에서 글 삭제시 문제점 나타나는 부분 고침 @qw5414

WordPress 4.3.1 Security and Maintenance Release

2015-10-13 KENNETH 0

출처 : https://wordpress.org/news/2015/09/wordpress-4-3-1/ WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation. WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point. A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team. Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check Point. Our thanks to those who have practiced responsible disclosure of security issues. WordPress 4.3.1 also fixes twenty-six bugs. For more information, see the release notes or consult the list of changes. Download WordPress 4.3.1 or venture over [ more… ]

No Image

WordPress 4.2.4 Security and Maintenance Release

2015-08-05 KENNETH 0

출처 : https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/ WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset. Our thanks to those who have practiced responsible disclosure of security issues. WordPress 4.2.4 also fixes four bugs. For more information, see the release notes or consult the list of changes. Download WordPress 4.2.4 or venture over to Dashboard → Updates and simply click “Update [ more… ]