WordPress 4.7.5 - Security and Maintenance Release is now available
While waiting for the release of version 4.8, expected in June, WordPress released version 4.7.5.
This is a “Security and Maintenance Release” which doesn’t add any new feature, it fixes security and performances issues.
In particular these 6 major problems have been fixed, in addition to other 4 fixes about performances:

  1. Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing.
  2. Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas.
  3. Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team.
  4. A Cross Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster.
  5. A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing.
  6. A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team.

The update is available within the administration dashboard.

 

Joomla 3.7.2 is available
Joomla 3.7.2 is available, just days after the release of version 3.7.1. This release fixes an important SQL Injection available in the previous version.
No new features have been added, some bugs (and the critical vulnerability) have been fixed and other improvements to Joomla general performances have been added.

The update is available within the administration interface.

MariaDB to receive financing from the European Union
MariaDB, the popular open source database forked from MySQL and often used in LAMP stacks for CMS, will receive €25 mln from the European Union as a financing from the European Investment Bank (EIB) as part of the Juncker Plan.
The European Fund for Strategic Investments (EFSI) is part of the Juncker Plan and is one of the pillars of a first loss guarantee; the plan has the ambitious goal to create jobs using in a clever manner the available financial resources, removing obstacles and guaranteeing visibility and technical support to European projects.
MariaDB, which is based in Helsinki (Finland), is one of the most important players in the database sector, with competitors like MySQL, MongoDB and PostgreSQL; the sector sees a continuous growth rate with positive forecasts from both IDC ($50 bln market in 2017 against $40 bln in 2015) and Gartner (more than 70% of new apps are based on open source databases and conversion of more than 50% of databases based on proprietary formats to open source). According to DB-Engines, open sources databases represents 46% of the total.

PrestaShop 1.7.1.0 is now available
PrestaShop, the popular eCommerce CMS, comes to version 1.7.1.0.
New features include the support to new modules (best sellers, new products, cross-selling, paypal), the reintroduction of the “upgrade all modules” button, an improved back-end office navigation from mobile devices and improved versions of translations, overall performances and product pages links.
The update is available with the handy 1-Click Update module.

New important Magento security patches are available
New important security patches are available for Magento 2.0.14 and 2.1.7. Magento invites users to update their systems as soon as possible.

Critical vulnerabilities that are fixed with the patch include a Remote Code Execution (RCE) in the administration panel, video uploading and Zend Mail, leak of clients password hash when modifying information as admin, a possible RCE when sending reminders via email, Cross-Site Scripting (XSS) in the admin panel, Cross-Site Request Forgery (CSRF) in APIs and vulnerabilities in JavaScript libraries.
MasterCard recently added a new series of Identification Numbers (BIN): some versions of Magento already support these new BIN, but users with Enterprise 2.1.2 or minor, Enterprise 2.0.x, Enterprise 1.14.2.x and Community 1.9.2.x must patch or update their systems by June 30, 2017, otherwise MasterCard will apply fines.
Additional information at this address.

Magento invites users to patch as soon as possible.

banner eng

fb icon evo twitter icon evo

Word of the Day

The term Edge Computing refers, when used in the cloud-based infrastructure sphere, the set of devices and technologies that allows...

>

The acronym SoC (System on Chip) describes particular integrated circuit that contain a whole system inside a single physical chip:...

>

The acronym PtP (Point-to-Point) indicates point-to-point radio links realized with wireless technologies. Differently, PtMP links connects a single source to...

>

Hold Down Timer is a technique used by network routers. When a node receives notification that another router is offline...

>

In the field of Information Technology, the term piggybacking refers to situations where an unauthorized third party gains access to...

>
Read also the others...

Download of the Day

Netcat

Netcat is a command line tool that can be used in both Linux and Windows environments, capable of...

>

Fiddler

Fiddler is a proxy server that can run locally to allow application debugging and control of data in...

>

Adapter Watch

Adapter Watch is a tool that shows a complete and detailed report about network cards. Download it here.

>

DNS DataView

DNS DataView is a graphical-interface software to perform DNS lookup queries from your PC using system-defined DNS, or...

>

SolarWinds Traceroute NG

SolarWinds Traceroute NG is a command line tool to perform advanced traceroute in Windows environment, compared to the...

>
All Download...

Issues Archive

  • GURU advisor: issue 18 - April 2018

    GURU advisor: issue 18 - April 2018

  • GURU advisor: issue 17 - January 2018

    GURU advisor: issue 17 - January 2018

  • GURU advisor: issue 16 - october 2017

    GURU advisor: issue 16 - october 2017

  • GURU advisor: issue 15 - July 2017

    GURU advisor: issue 15 - July 2017

  • GURU advisor: issue 14 - May 2017

    GURU advisor: issue 14 - May 2017

  • GURU advisor: issue 13 - March 2017

    GURU advisor: issue 13 - March 2017

  • GURU advisor: issue 12 -  January 2017

    GURU advisor: issue 12 - January 2017

  • GURU advisor: issue 11 -  October 2016

    GURU advisor: issue 11 - October 2016

  • 1
  • 2
  • 3
  • BYOD: your devices for your firm

    The quick evolution of informatics and technologies, together with the crisis that mined financial mines, has brought to a tendency inversion: users that prefer to work with their own devices as they’re often more advanced and modern than those the companies would provide. Read More
  • A switch for datacenters: Quanta LB4M

    You don’t always have to invest thousands of euros to build an enterprise-level networking: here’s our test of the Quanta LB4M switch Read More
  • Mobile World Congress in Barcelona

    GURU advisor will be at the Mobile World Congress in Barcelona from February 22nd to 25th 2016!

    MWC is one of the biggest conventions about the worldwide mobile market, we'll be present for the whole event and we'll keep you posted with news and previews from the congress.

    Read More
  • 1