Moodle.org: "Moodle 1.9.1 was recently released and is recommended as an upgrade for all Moodle users. There were no security bugs but over 400 issues were dealt with and there are a few minor new features, such as support for captcha during email registration."

Complete Story

The latest release in the 3.x series is ready. This release adds more portlet types, browserlayer integration, and fixes OpenID and RSS bugs. It also introduces protection against CSRF vulnerabilities in the core.

Complete Story

mojoPortal.com: "The main focus of this release is making mojoPortal more attractive, with the addition of 21 good looking new skins for a total of 34 skins now included with mojoPortal. There were also a few minor bug fixes for things reported in the Forums since the last release."

Complete Story

The PHP development team started the month of May with the release of PHP 5.2.6. With over 120 bug fixes, this release is mainly focused on stability. There are however several security enhancements in PHP 5.2.6:

• Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.
• Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.
• Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
• Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
• Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.
• Upgraded bundled PCRE to version 7.6

References: Release Announcement, PHP 5.2.6 ChangeLog, PHP.net Download page

The Joomla! community has released a new version of their CMS, Joomla 1.5.3.

The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.3 [Vahi]. This release is earlier than scheduled in order to correct a database name validation error introduced in 1.5.2. It has been a month since Joomla! 1.5.2 was released on March 23, 2008. The goal is to provide regular, frequent updates to the Joomla! end user community containing the latest bug fixes and minor enhancements.

Latest bug fixes and enhancements in this release includes:

• Database name validation
• xHTML compliance fixes
• Help screen updates
• JFilterInput infinite loop fix
• PDF fixes for PHP 4
• Minor CSS and RTL issues

Additional information about Joomla 1.5.3 as well as goals for a future release can be found at Joomla.org.

Updated versions of MediaWiki to address some security issues has been released for MediaWiki 1.11.1, 1.10.3, and 1.9.5.

This is a security and bugfix release of the Fall, Spring, and Winter 2007 snapshot releases of MediaWiki. A potential XSS injection vector affecting api.php only for Microsoft Internet Explorer users has been closed.

To work around the vulnerability without upgrading, you may disable the API if you don't need it:

~ $wgEnableAPI = false;

Complete Story

Mambo 4.6.3 was released earlier today in recent weeks. Besides the usual security improvements and bug fixes, this version of Mambo came with some new enhancements. Some of the more notable enhancements in Mambo 4.6.3 include:

• Mostlyce upgraded to 2.4
• Mostlydbadmin upgraded to 1.5
• Geshi upgraded to 1.0.7.20
• Enhanced editor initializing
• Enhanced weblinks component, so the target param is not confusing anymore

  New minor versions of Drupal were released this week, Drupal 4.7.11 and Drupal 5.6 (see excerpt below). In case you're wondering, I have already updgraded this site to Drupal 5.6...no problems, no worries.

Drupal 4.7.11 and 5.6 are now available for download. These are maintenance releases that fix problems reported using the bug tracking system, as well as security vulnerabilities.

Upgrading your existing Drupal sites is strongly recommended.

Download

• Download Drupal 5.6.
• Download Drupal 4.7.11.

read more

As a sidebar, Drupal 6 Release Candidate 2 is also out. I promise, we'll be one of the first sites to go Drupal 6 once the software goes "gold". We may break a few things, but well worth the price for some IT glory!

A new version of e107 has been released, e107 0.7.11. There is also a hint that it's time to think about version 0.8! If you haven't tried e107 for a while, I encourage you to do so!

During my tenure as a judge in 2007 for Packt Publishing, I surprisingly ranked e107 as number two in the Overall Winner category. Given the final outcome, the other judges didn't agree with me...but I stand by my position. e107 is an open source content management system worthy of your consideration.

New year ... new e107 version - The e107 team is proud to present the latest release of e107, version 0.7.11.

"This hotfix corrects a vulnerability in the statusmessages and linkintegrity modules, where unsafe network data was interpreted as python pickles. This allows an attacker to run arbitrary python code within the Zope/Plone process.

This issue has been assigned CVE-2007-5741.

Affected versions

• Plone 2.5 up to and including 2.5.4
• Plone 3.0 up to and including 3.0.2

These fixes are included in the 2.5.5 and 3.0.3 releases, at which point this hotfix can be removed."

Complete Story