If you use the WordPress 2.5 blog software on your site, be sure to upgrade to WordPress 2.5.1 as soon as possible. The upgrade contains an important security fix. (We’ve updated our own blog, and it was painless.)
Although all WordPress users should upgrade right away, we’ve also added a security rule to our servers to try and protect our customers who haven’t yet upgraded. Other people may also find the security rule useful if they use mod_security on Apache Web servers. The rest of this post contains more technical details.
Read the rest of this entry »
We’ve updated several things on our servers today:
- Ruby on Rails was updated from version 1.2.3 to 1.2.6. (If you use Rails on your site, our page explaining how to freeze Rails explains how you can get total control of Rails updates.)
- phpMyAdmin was updated from version 2.11.2.1 to 2.11.2.2.
- The WordPress software that runs this blog was updated to version 2.3.1. That doesn’t directly affect our customers — but if you’ve installed your own version of WordPress on your own site, this is a good reminder to update it: some older versions have security vulnerabilities. (We found that the update from 2.2.X to 2.3.1 was painless.)
We’ve installed several security updates recently. We’ve updated PHP 4, PHP 5, the ClamAV antivirus scanner, and some XFree86 libraries. In addition, we’ve updated our own blog to use WordPress 2.2 — if you use WordPress, make sure you’ve done the same.
Read the rest of this entry »
