PrestaShop 1.7.3 is now available

PrestaShop announces the new 1.7.3 version, which includes improvements and new features.
Among the new features introduced we find:

  • PrestaTrust, a function which authenticates the code of the modules with PrestaTrust support and records the license information in the block-chain.
  • Right-to-left support: support for right-to-left languages (RTL) is added, such as Arabic, Hebrew, and Persian.
    A new set of demo products
  • UI kit for modules, core and back-end, with support for Bootstrap 4 jQuery 3.
  • Symfony: three new pages have been migrated to the popular PHP framework
  • Other features and improvements, such as setting delivery times, sending alerts when a product reaches low availability in stock, bulk actions in the stock, added localization in Icelandic and installation wizard in Japanese.

PrestaShop 1.7.3 is available at this address.

 Joomla 3.8.6 is now available

Joomla 3.8.6 is now available; this is a security release that doesn’t introduce any new feature, rather it fixes security issues and improves performances.
In particular, this release fixes an SQL Injection (SQLi) vulnerability.
Other improvements are about session management, performance of the com_content category view with filter by tags, reCAPTCHA V1 dismissal, and PHP 7.2 compatibility fixes.

The full release note document is available here.

WordPress 4.9.5 is now available

WordPress 4.9.5 is now available. This is a security release that doesn’t introduce any new feature, rather it fixes security issues. Improvements of this release include fixes to three different security problems: localhost is not treat as same host by default, safe redirects are used when redirecting the login page if SSL is forced and the version string is correctly escaped for use in generator tags.
There are 25 additional improvements, including:

  • The previous styles on caption shortcodes have been restored.
  • Cropping on touch screen devices is now supported.
  • A variety of strings such as error messages have been updated for better clarity.
  • The position of an attachment placeholder during uploads has been fixed.
  • Custom nonce functionality in the REST API JavaScript client has been made consistent throughout the code base.
  • Improved compatibility with PHP 7.2.

Moreover, a roadmap has been proposed to check the compliance to the upcoming GDPR.

Drupal fixes Dupalgeddon2

Drupal published patches that fix the issues due to Drupalgeddon2, the vulnerability that allowed hackers to gain full control of vulnerable sites.

Vulnerability CVE-2018-7600 is contained in the API that manage database queries and allows SQL injection attacks, thus allowing an hacked to send crafted requests that result in privilege escalation and PHP code execution. The vulnerability can be exploited by anonymous users by visiting a specific URL.
Drupal suggests to update as soon as possible.

The original Drupalgeddon happened in 2014 and left many sites vulnerable.

New versions of Magento are available

Magento has released new versions of Magento (Commerce and Open Source) 2.2.3, 2.1.12, 2.0.18 and SUPEE-10570 for Magento 1.x.

Patches include 50 security updates that solve, among others, CSRF, data leak and RCE vulnerabilities . Magento 2.2.3 introduces a more granular management of permissions for cache management tasks.

The updates are available for download and installation via My Account (Commerce version) or via the open source download page (Open Source version). Further information can be found at the following addresses:

Release notes for Magento Open Source versions are available at the following addresses:

Release notes for Magento Commerce versions are available at the following addresses: