During routine system upgrades we encountered and unexpected error which brought down the PHP service on the system for 10mins. The issue with the upgrade was tracked down and services were restored without any loss of data. We apologize for the unexpected downtime during this system upgrade.
Systm.io News and Updates
WordPress version 4.6.1 was released today which was a security release. We have already updated all customers to this new version. Below you can find the details of this release.
WordPress versions 4.6 and earlier are affected by two security issues: a cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team.
You can read about all of the new exciting features of this release on the official announcement.
Many of you may have noticed emails coming from Sucuri letting you know that hack attempts have been attempted on your site. This is from a recent plugin that we have added to customers sites to help heighten the security that we already have in place on our setup.
If the emails are too much for you, they can be adjusted within the WordPress dashboard under Sucuri Security, and then Settings, and Alerts. Please see below for settings that you may want to adjust to cut down on any/all emails from the plugin
We advise keeping this plugin enabled as it is very handy in helping to detect if files have been changed or if bots/hackers are attempting to brute force your logins. You can read more about Sucuri and everything else that they offer on their website.
[Read more…] about Sucuri Scanner Plugin
WordPress released 4.5.2 today which was a security release. We have already updated all customers to this new version. Below you can find the details of this release.
WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues.
Both issues were analyzed and reported by Mario Heiderich, Masato Kinugawa, and Filedescriptor from Cure53. Thanks to the team for practicing responsible disclosure, and to the Plupload and MediaElement.js teams for working closely with us to coördinate and fix these issues.
WordPress 4.5.1 has been released which contains fixes for 12 bugs, the main being a singular class issue that broke sites based on the Twenty Eleven theme, as well as a fix for incompatibility between certain Chrome versions and the visual editor, and an Imagick bug that could break media uploads in some instances.