Mautic Community Manifesto

Mautic is an Open Source Project created and driven by DB Hurley, who also founded Mautic Inc. (which was recently acquired by Acquia). To further sharpen the vision for Mautic’s future, there has been a public process to determine the community’s position and express its expectations. A lot of good

CentOS News

Welcoming Packet.net as new sponsor for CentOS.org infra – Blog.CentOS.org

It’s not a secret that the CentOS project has always been running on sponsored infra since the beginning of the journey. While over the years we sometimes lost some “sponsors”, we are always happy to see new ones joining us. That’s especially true for the infra used to “seed” the

CentOS News

CentOS15 – Blog.CentOS.org

Happy birthday, CentOS! 15 years ago, the CentOS project started up in order to fill a gap left by a change in the way that Red Hat decided to market their product. Many of the people that were involved in those early days are still involved today, although

[20170901] – Core – Information Disclosure

Project: Joomla! SubProject: CMS Severity: Low Versions: 3.7.0 through 3.7.5 Exploit type: Information Disclosure Reported Date: 2017-August-4 Fixed Date: 2017-September-19 CVE Number: CVE-2017-14595 Description A logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state. Affected Installs

[20170902] – Core – LDAP Information Disclosure

Project: Joomla! SubProject: CMS Severity: Medium Versions: 1.5.0 through 3.7.5 Exploit type: Information Disclosure Reported Date: 2017-July-27 Fixed Date: 2017-September-19 CVE Number: CVE-2017-14596 Description Inadequate escaping in the LDAP authentication plugin can result in a disclosure of username and password. Affected Installs Joomla! CMS versions 1.5.0 through 3.7.5 Solution Upgrade

Joomla! 3.8.0 Release

The Joomla! Project is proud to announce the release of Joomla! 3.8, the latest in the Joomla! 3 series. This new release features over 300 improvements to the popular CMS, with two primary major features aimed at developers: the new routing system and the beginning of a forward compatibility layer

[20170704] – Core – Installer: Lack of Ownership Verification

Project: Joomla! SubProject: CMS Installer Severity: High Versions: 1.0.0 through 3.7.3 Exploit type: Lack of Ownership Verification Reported Date: 2017-Apr-06 Fixed Date: 2017-July-25 CVE Number: CVE-2017-11364 Description The CMS installer application lacked a process to verify the user's ownership of a webspace, potentially allowing users to gain control. Please note: Already installed sites are not affected,

[20170705] – Core – XSS Vulnerability

Project: Joomla! SubProject: CMS Severity: Low Versions: 1.5.0 through 3.7.3 Exploit type: XSS Reported Date: 2017-April-26 Fixed Date: 2017-July-25 CVE Number: CVE-2017-11612 Description Inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components. Affected Installs Joomla! CMS versions 1.5.0 through 3.7.3 Solution Upgrade to version 3.7.4 Contact The JSST

[20170701] – Core – Information Disclosure

Project: Joomla! SubProject: CMS Severity: High Versions: 1.7.3 – 3.7.2 Exploit type: Information Disclosure Reported Date: 2016-Feb-05 Fixed Date: 2017-July-04 CVE Number: CVE-2017-9933 Description Improper cache invalidation leads to disclosure of form contents. Affected Installs Joomla! CMS versions 1.7.3-3.7.2 Solution Upgrade to version 3.7.3 Contact The JSST at the Joomla! Security Centre. Reported

[20170703] – Core – XSS Vulnerability

Project: Joomla! SubProject: CMS Severity: Low Versions: 1.5.0 through 3.6.5 Exploit type: XSS Reported Date: 2017-June-22 Fixed Date: 2017-July-04 CVE Number: CVE-2017-7985 Description Inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components. Affected Installs Joomla! CMS versions 1.5.0 through 3.6.5 Solution Upgrade to version 3.7.3 Contact The JSST at the