#wordpress 5.0 beta 3 is out, which means they are close to releasing 5.0
Planned date of release is 19th November.
Well at least this time #WordPress had a nice simple clear patch for what was needed to backport.
Sometimes their changelogs and patches don't line up, in so far as finding the security fixes.
How to set up AppArmor so it limits the WordPress code to access only what it needs and not everything available to the #Apache user. AppArmor is a Mandatory Access Control (MAC) system similar to #SELinux.
It is in complain mode and I need to do more tests, like uploading an image, but it is reasonably simple to set up.
I think I'll lock off theme and plugin updates by default and switch them on when needed.
What is a worry is the non-WordPress WSGI stuff just works with no rules. I'm not sure why.
You may have seen a lot of noise about 4.9.4 and how the sky is falling with 4.9.3 and you really need to update. The problem with 4.9.3 is it breaks the auto-update but if you use the Debian packages you don't use that method anyhow.
Still, it's good to update, if only to have the latest set of WordPress bugs in your system.
This update does not have the resource DoS fix (CVE-2018-6389).
#WordPress servers vulnerable to a DoS attack in the resource request area
And there is the #wordpress security release.
From what I am seeing on trac, it looks like there will soon be a new #wordpress maintenance and maybe security release.
At first I thought WordPress had another security bug but this time it's hacked sites running something bad in the themes. A key logger and Bitcoin miner as the payload.
Why themes? These are usually updated via the website so are writable by the web server process. Often the core WordPress code is not.
Free Software programmer, network engineer and Debian developer.
100% tomato verified. 🍅✔