Date: Wednesday, Apr 21th, 2021
Security risk: Critical
Advisory ID: BACKDROP-SA-CORE-2021-002
Vulnerability: Cross Site ScriptingBackdrop core's sanitization API fails to properly filter cross-site scripting under certain circumstances.
Project: Drupal core
Date: 2021-April-21
Security risk: Critical 15∕25
Vulnerability: Cross-site scriptingDrupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances.
Not all sites and users are affected, but configuration changes to prevent the exploit might be impractical and will vary between sites. Therefore, we recommend all sites update to this release as soon as possible.
Install the latest version:
WordPress 5.7.1 is now available!
This security and maintenance release features 26 bug fixes in addition to two security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 4.7 have also been updated.
Impact: Low
Severity: Low
Versions: 3.0.0 - 3.9.25
Exploit type: XSS
Reported Date: 2021-03-09
Fixed Date: 2021-04-13
CVE Number: CVE-2021-26030Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error pages.
Joomla! CMS versions 3.0.0 - 3.9.25
Upgrade to version 3.9.26
Impact: Low
Severity: Low
CVE Number: CVE-2021-26031
Versions: 3.0.0 - 3.9.25
Exploit type: LFI
Reported Date: 2021-01-03
Fixed Date: 2021-04-13
Inadequate filters on module layout settings could lead to an LFI.
Joomla! CMS versions 3.0.0 - 3.9.25
Upgrade to version 3.9.26
Maintenance release of the Drupal 7 series. Includes bug fixes and small API/feature improvements only (no major, non-backwards-compatible new functionality).
No security fixes are included in this release.
This release is the first where D7 core's test suite passes tests in PHP 8.0. However, there may be remaining problems with PHP 8 in core, and it's very likely that there are problems in contrib. Please test, and report any problems in the appropriate issue queue.
Project: Fast Autocomplete
Version: 8.x-1.7, 8.x-1.6, 8.x-1.5, 8.x-1.4, 8.x-1.3, 8.x-1.2, 8.x-1.1, 8.x-1.0
Date: 2021-March-17
Security risk: Moderately critical 12∕25
Vulnerability: Access bypass
I remember poking into Backdrop's code for the first time back in October 2014, when we tried to set it up on Drupion (the older incarnation of our company). According to a popular Russian proverb, "the first pancake is always wonky," so we ran into our first Backdrop problem right then. However, with the valuable input from the Backdrop community members we quickly made necessary changes and got it up and running.
Matt Mullenweg of WordPress community has announced the release of WordPress 5.7 “Esperanza” today on March 2, 2021.
“Esperanza” is named in honor of Esperanza Spalding, a modern musical prodigy. Her path as a musician is varied and inspiring—learn more about her and give her music a listen!
WordPress 5.6.2 is now available!
This maintenance release includes 5 bug fixes. These bugs affect WordPress version 5.6.1, so you’ll want to upgrade.