The Joomla Project announces the immediate availability of Joomla 1.5.19 [Wojmamni ama batani]. This is a security release.
The Development Working Group’s goal is to continue to provide regular, frequent updates to the Joomla community.
The Joomla Project announces the immediate availability of Joomla 1.5.18 [Wojmamni ama wojnaiki]. This is a security release and also corrects one priority issue in version 1.5.17.
The Development Working Group’s goal is to continue to provide regular, frequent updates to the Joomla community.
Arm your vuvuzelas: WordPress 3.0, the thirteenth major release of WordPress and the culmination of half a year of work by 218 contributors, is now available for download (or upgrade within your dashboard). Major new features in this release include a sexy new default theme called Twenty Ten. Theme developers have new APIs that allow them to easily implement custom backgrounds, headers, shortlinks, menus (no more file editing), post types, and taxonomies. (Twenty Ten theme shows all of that off.) Developers and network admins will appreciate the long-awaited merge of MU and WordPress, creating the new multi-site functionality which makes it possible to run one blog or ten million from the same installation. As a user, you will love the new lighter interface, the contextual help on every screen, the 1,217 bug fixes and feature enhancements, bulk updates so you can upgrade 15 plugins at once with a single click, and blah blah blah just watch the video. 
(In HD, if you can, so you can catch the Easter eggs.)
Thomas Mackenzie alerted us to a problem where logged in users can peek at trashed posts belonging to other authors. If you have untrusted users signed up on your blog and sensitive posts in the trash, you should upgrade to 2.9.2. As always, you can visit the Tools->Upgrade menu to upgrade.
After over a million downloads of WordPress 2.9 and lots of feedback from all of you, we’re releasing WordPress 2.9.1. This release addresses a handful of minor issues as well as a rather annoying problem where scheduled posts and pingbacks are not processed correctly due to incompatibilities with some hosts. If any of these issues affect you, give 2.9.1 a try. Download 2.9.1 or upgrade automatically from the Tools->Upgrade menu in your blog’s admin area.
I want to make you mine, all the time… oh wait. Hello. I’m here on behalf of the entire WordPress development team and community to announce the immediate availability of WordPress version 2.9 “Carmen” named in honor of magical jazz vocalist Carmen McRae (whom we’ve added to our Last.fm WP release station). You can upgrade easily from your Dashboard by going to Tools > Upgrade, or you can download from WordPress.org. And of course, it wouldn’t be a major release without a short video summarizing some of the cool things about the new version:
2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.
The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.
The Joomla Project announces the immediate availability of Joomla 1.5.15 [Wojmamni ama mamni]. It has been three months since Joomla 1.5.14 was released on July 30, 2009.
The Development Working Group’s goal is to continue to provide regular, frequent updates to the Joomla community.
As you know over the past couple of months we have been working on the new features for WordPress 2.9. We have also been working on trying to make WordPress as secure as possible and during this process we have identified a number of security hardening changes that we thought were worth back-porting to the 2.8 branch so as to get these improvements out there and make all your sites as secure as possible.
Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.
We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress.