Roudcube updated to 0.8.5

The Roundcube webmail project keeps on updating their software relentlessly, they’ve updated the stable 0.8 version and it includes several bug fixes and it fixes the recently reported XSS vulnerability.

If you use this for yourself or others it would be wise to update it.

Here is a document on how to upgrade.

PHP released 5.4.11

It’s been some time ago but the PHP development team has released 5.4.11 and you are encouraged to upgrade to this version as it fixes some bugs you can read about in the Changelog.

I haven’t encountered any problems with this release.

For instructions on how to upgrade PHP please read: Upgrading PHP.

PHP released 5.4.7

Somehow I missed several upgrades of PHP, I’m sorry about this. But today I compiled and tested 5.4.7 and I can say it will run without a problem. This release solves the following bugs:

  • Fixed bug #62955 (Only one directive is loaded from “Per Directory Values” Windows registry).
  • Fixed bug #62460 (php binaries installed as binary.dSYM).

I’ve installed this on most of my test servers without a problem.

To see the complete buglist solved in this and earlier releases, read them in the ChangeLog.

For instructions on how to upgrade PHP please read: Upgrading PHP.

ClamAV 0.97.6 – update

There is a update for ClamAV available for download. The current version is 0.97.6. Upgrading is relatively easy and straight forward. All that needs to be done is remove the old version and install the new.

You can check the instructions on what to do here Upgrading ClamAV.

There is no need to reconfigure anything.

Apache updated to 2.4.3

The Apache proect has released a new version of their popular web server. This is principally a security and bug fix release, including the following 2 security fixes:

  • SECURITY: CVE-2012-3502 (cve.mitre.org) mod_proxy_ajp, mod_proxy_http: Fix an issue in back end connection closing which could lead to privacy issues due to a response mixup. PR 53727.
  • SECURITY: CVE-2012-2687 (cve.mitre.org) mod_negotiation: Escape filenames in variant list to prevent an possible XSS for a site where untrusted users can upload files to a location with MultiViews enabled.

I’ve got this running on my servers without a problem.

If you’ve forgotten how to upgrade your Apache installation in the least painfull way with a possibility to go back if something goes wrong: Upgrading Apache

« Previous PageNext Page »